From 849ac054985205e6843758425a68f8edffd847d9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 12:11:08 +0000
Subject: [PATCH 01/58] feat(charts): update helm release traefik to v32.1.0
 (#3013)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 50672fc2e..6358a5747 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
     version: v3.28.2
     repository: https://docs.projectcalico.org/charts
   - name: traefik
-    version: 32.0.0
+    version: 32.1.0
     repository: https://helm.traefik.io/traefik
   - name: memcached
     version: 7.5.0

From 720ef56eb041fc4937d31b2d62a87c909077e199 Mon Sep 17 00:00:00 2001
From: "Thomas P." <TPXP@users.noreply.github.com>
Date: Fri, 4 Oct 2024 15:53:21 +0200
Subject: [PATCH 02/58] enh(renovate): normalize commit messages and show
 previous version (#3014)

Currently, whenever a new major version is applied, renovate uses the pretty version which we don't really want

Let's standardize commit messages and show the previous version
---
 .github/renovate.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/renovate.json b/.github/renovate.json
index dcf0cfc25..cbc44bb5b 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -38,6 +38,7 @@
   "reviewers": [
     "team:team"
   ],
+  "commitMessageExtra": "to {{newVersion}} (was {{curentVersion}})",
   "prHourlyLimit": 0,
   "packageRules": [
     {

From 94aa5d05895279736e0a84387c2e8a0fd76174cf Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 21:18:56 +0000
Subject: [PATCH 03/58] fix(charts): update karpenter docker tag to v1.0.6
 (#3017)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 6358a5747..7fd90baac 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -48,7 +48,7 @@ dependencies:
     version: 1.7.2
     repository: https://charts.helm.sh/stable
   - name: karpenter
-    version: 1.0.5
+    version: 1.0.6
     repository: oci://public.ecr.aws/karpenter
   - name: keda
     version: 2.15.1

From 8966d25c1df724f90956ceaf195611dfc73c40cb Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <kevin@particule.io>
Date: Sun, 6 Oct 2024 11:33:35 +0200
Subject: [PATCH 04/58] feat: google fixes (#3008)

* fix(google/cert-manager): better conditions on metrics

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* fix(google/thanos): improve service account and conditions

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* fix(google/data): compute project number automatically

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* fix(google/cert-manager): better conditions on metrics

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* fix(google/loki): compute gs service account with data source

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* feat(google/thanos-receive): add Thanos in receiver mode

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* feat(google/kube-prometheus-stack): allow thanos receiver & infer bucket location from datasources

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* feat(google/thanos-receive): add Thanos receiver to global variable

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* chore: update README

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* chore: update pre-commit

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

* feat: breaking change before release

BREAKING CHANGE:

* Google: Thanos and Kube prometheus were revamp and some default were
  remove and new condition added, please be careful with changelog when
  upgrading
* Google: By default do not create the SA with workload-identity module
  but let the helm chart create them and annotate them.

Signed-off-by: Kevin Lefevre <archi@kiln.fi>

---------

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 .pre-commit-config.yaml           |   2 +-
 README.md                         |   1 +
 modules/aws/README.md             |   1 +
 modules/azure/README.md           |   1 +
 modules/google/README.md          |  22 ++-
 modules/google/cert-manager.tf    |   2 +-
 modules/google/data.tf            |   2 +
 modules/google/external-dns.tf    |   2 +-
 modules/google/kube-prometheus.tf |  69 +++++--
 modules/google/loki-stack.tf      |   2 +-
 modules/google/thanos-receive.tf  | 303 ++++++++++++++++++++++++++++++
 modules/google/thanos.tf          |  64 ++++---
 modules/scaleway/README.md        |   1 +
 variables.tf                      |   6 +
 14 files changed, 423 insertions(+), 55 deletions(-)
 create mode 100644 modules/google/thanos-receive.tf

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6fb8bc17b..d08006a75 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,6 +14,6 @@ repos:
     - id: check-merge-conflict
     - id: end-of-file-fixer
 - repo: https://github.com/renovatebot/pre-commit-hooks
-  rev: 38.88.0
+  rev: 38.106.4
   hooks:
     - id: renovate-config-validator
diff --git a/README.md b/README.md
index 77cea3d4b..5a27c075b 100644
--- a/README.md
+++ b/README.md
@@ -309,6 +309,7 @@ No modules.
 | <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
+| <a name="input_thanos-receive"></a> [thanos-receive](#input\_thanos-receive) | Customize thanos chart, see `thanos-receive.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/aws/README.md b/modules/aws/README.md
index b1e2b2e55..b17f106e2 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -404,6 +404,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags for AWS resources | `map(any)` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
+| <a name="input_thanos-receive"></a> [thanos-receive](#input\_thanos-receive) | Customize thanos chart, see `thanos-receive.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 3169a341d..14edd249c 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -219,6 +219,7 @@ No modules.
 | <a name="input_secrets-store-csi-driver"></a> [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
+| <a name="input_thanos-receive"></a> [thanos-receive](#input\_thanos-receive) | Customize thanos chart, see `thanos-receive.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/google/README.md b/modules/google/README.md
index a0089edc5..dc23b9a80 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -53,8 +53,11 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_grafana"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_thanos"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_loki-stack"></a> [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos"></a> [iam\_assumable\_sa\_thanos](#module\_iam\_assumable\_sa\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_thanos-compactor"></a> [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| <a name="module_iam_assumable_sa_thanos-receive"></a> [iam\_assumable\_sa\_thanos-receive](#module\_iam\_assumable\_sa\_thanos-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-compactor"></a> [iam\_assumable\_sa\_thanos-receive-compactor](#module\_iam\_assumable\_sa\_thanos-receive-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-receive"></a> [iam\_assumable\_sa\_thanos-receive-receive](#module\_iam\_assumable\_sa\_thanos-receive-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-sg"></a> [iam\_assumable\_sa\_thanos-receive-sg](#module\_iam\_assumable\_sa\_thanos-receive-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_thanos-sg"></a> [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_thanos-storegateway"></a> [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_kube-prometheus-stack_grafana-iam-member"></a> [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 8.0 |
@@ -63,6 +66,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="module_loki-stack_bucket"></a> [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
 | <a name="module_loki-stack_bucket_iam"></a> [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
 | <a name="module_loki-stack_kms_bucket"></a> [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
+| <a name="module_thanos-receive_bucket"></a> [thanos-receive\_bucket](#module\_thanos-receive\_bucket) | terraform-google-modules/cloud-storage/google | ~> 6.0 |
+| <a name="module_thanos-receive_kms_bucket"></a> [thanos-receive\_kms\_bucket](#module\_thanos-receive\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
 | <a name="module_thanos-storegateway_bucket_iam"></a> [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
 | <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
 | <a name="module_thanos_kms_bucket"></a> [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
@@ -84,11 +89,18 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [google_service_account_iam_policy.admin-account-iam](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_policy) | resource |
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectAdmin_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.kube_prometheus_stack_thanos_bucket_objectViewer_iam_permission](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive-receive_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_legacyBucketWriter_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_compactor_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_receive_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_sg_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos-receive_sg_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos_compactor_gcs_iam_legacyBucketWriter_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos_compactor_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos_compactor_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
-| [google_storage_bucket_iam_member.thanos_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
-| [google_storage_bucket_iam_member.thanos_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos_receive_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
+| [google_storage_bucket_iam_member.thanos_receive_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos_sg_gcs_iam_objectCreator_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.thanos_sg_gcs_iam_objectViewer_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam_member) | resource |
 | [helm_release.admiralty](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -113,6 +125,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-memcached](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.thanos-receive](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
@@ -145,6 +158,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.thanos-receive](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -234,6 +248,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | [tls_self_signed_cert.thanos-tls-querier-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
 | [google_iam_policy.velero](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy) | data source |
 | [google_project.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
@@ -286,6 +301,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags for Google resources | `map(any)` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
+| <a name="input_thanos-receive"></a> [thanos-receive](#input\_thanos-receive) | Customize thanos chart, see `thanos-receive.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index cc84d6065..4d6ca09f0 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -44,7 +44,7 @@ serviceAccount:
     iam.gke.io/gcp-service-account: "${local.cert-manager.create_iam_resources && local.cert-manager.enabled ? module.cert_manager_workload_identity[0].gcp_service_account_email : ""}"
 prometheus:
   servicemonitor:
-    enabled: ${local.cert-manager.enable_monitoring}
+    enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"] || local.cert-manager.enable_monitoring}
     honorLabels: true
 securityContext:
   fsGroup: 1001
diff --git a/modules/google/data.tf b/modules/google/data.tf
index 8ac3c2544..3675dfb2a 100644
--- a/modules/google/data.tf
+++ b/modules/google/data.tf
@@ -1 +1,3 @@
 data "google_project" "current" {}
+
+data "google_client_config" "current" {}
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index 59b040799..510fe427c 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -34,7 +34,7 @@ locals {
           annotations:
             iam.gke.io/gcp-service-account: '${module.external_dns_workload_identity[k].gcp_service_account_email}'
         serviceMonitor:
-          enabled: ${v.enable_monitoring}
+          enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"] || v.enable_monitoring}
         priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
         VALUES
     },
diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index d5a07f0cc..b27d48755 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -9,18 +9,17 @@ locals {
       namespace                             = "monitoring"
       grafana_service_account_name          = "kube-prometheus-stack-grafana"
       prometheus_service_account_name       = "kube-prometheus-stack-prometheus"
-      workload_identity_use_existing_k8s_sa = false
+      workload_identity_use_existing_k8s_sa = true
       grafana_create_iam_resources          = false
       grafana_iam_policy_override           = null
       thanos_create_iam_resources           = true
       thanos_iam_policy_override            = null
       thanos_sidecar_enabled                = false
+      thanos_receive_enabled                = false
       thanos_dashboard_enabled              = true
       thanos_create_bucket                  = true
       thanos_bucket                         = "thanos-store-${var.cluster-name}"
       thanos_bucket_force_destroy           = false
-      thanos_bucket_location                = ""
-      thanos_kms_bucket_location            = ""
       thanos_store_config                   = null
       thanos_version                        = "v0.36.1"
       thanos_service_account                = ""
@@ -30,7 +29,6 @@ locals {
       default_global_requests               = false
       default_global_limits                 = false
       manage_crds                           = true
-      cloud_storage_service_account         = ""
       name_prefix                           = "kube-prometheus-stack"
     },
     var.kube-prometheus-stack
@@ -50,7 +48,7 @@ grafana:
     dashboards:
       multicluster:
         global:
-          enabled: ${local.kube-prometheus-stack["thanos_sidecar_enabled"] ? "true" : "false"}
+          enabled: ${local.kube-prometheus-stack["thanos_sidecar_enabled"] || local.thanos-receive["enabled"] ? "true" : "false"}
   rbac:
     pspEnabled: false
   serviceAccount:
@@ -79,7 +77,7 @@ prometheus:
     enabled: ${local.thanos["enabled"]}
   serviceAccount:
     create: true
-    name: ${local.kube-prometheus-stack["name_prefix"]}-thanos
+    name: ${local.kube-prometheus-stack["prometheus_service_account_name"]}
     annotations:
       iam.gke.io/gcp-service-account: ${local.kube-prometheus-stack["thanos_sidecar_enabled"] ? module.iam_assumable_sa_kube-prometheus-stack_thanos[0].gcp_service_account_email : ""}
   prometheusSpec:
@@ -204,7 +202,34 @@ prometheus:
           name: "${local.kube-prometheus-stack["thanos_bucket"]}-config"
 VALUES
 
-  values_grafana_ds = <<VALUES
+  values_thanos_receive = <<VALUES
+prometheus:
+  prometheusSpec:
+    externalLabels:
+      cluster: ${var.cluster-name}
+    remoteWrite:
+    - url: "http://thanos-receive:19291/api/v1/receive"
+      name: "thanos-receive"
+      enableHttp2: true
+VALUES
+
+  values_grafana_ds_default = <<VALUES
+grafana:
+  sidecar:
+    datasources:
+      defaultDatasourceEnabled: false
+  additionalDataSources:
+  - name: Prometheus
+    access: proxy
+    editable: false
+    orgId: 1
+    type: prometheus
+    url: http://${local.kube-prometheus-stack["name"]}-prometheus:9090
+    version: 1
+    isDefault: true
+VALUES
+
+  values_grafana_ds_thanos = <<VALUES
 grafana:
   sidecar:
     datasources:
@@ -215,9 +240,12 @@ grafana:
     editable: false
     orgId: 1
     type: prometheus
-    url: http://${local.thanos["enabled"] ? "${local.thanos["name"]}-query-frontend:9090" : "${local.kube-prometheus-stack["name"]}-prometheus:9090"}
+    url: http://${local.thanos["name"]}-query-frontend:9090
     version: 1
     isDefault: true
+    jsonData:
+      prometheusType: Thanos
+      thanosVersion: ">0.31.x"
 VALUES
 
   values_dashboard_thanos = <<VALUES
@@ -232,7 +260,7 @@ grafana:
         url: https://raw.githubusercontent.com/thanos-io/thanos/master/examples/dashboards/query.json
       thanos-store:
         url: https://raw.githubusercontent.com/thanos-io/thanos/master/examples/dashboards/store.json
-      thanos-receiver:
+      thanos-receive:
         url: https://raw.githubusercontent.com/thanos-io/thanos/master/examples/dashboards/receive.json
       thanos-sidecar:
         url: https://raw.githubusercontent.com/thanos-io/thanos/master/examples/dashboards/sidecar.json
@@ -259,7 +287,8 @@ module "iam_assumable_sa_kube-prometheus-stack_grafana" {
   namespace           = local.kube-prometheus-stack["namespace"]
   project_id          = var.project_id
   name                = local.kube-prometheus-stack["grafana_service_account_name"]
-  use_existing_k8s_sa = local.kube-prometheus-stack["workload_identity_use_existing_k8s_sa"]
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
 }
 
 module "iam_assumable_sa_kube-prometheus-stack_thanos" {
@@ -269,7 +298,8 @@ module "iam_assumable_sa_kube-prometheus-stack_thanos" {
   namespace           = local.kube-prometheus-stack["namespace"]
   project_id          = var.project_id
   name                = "${local.kube-prometheus-stack["name_prefix"]}-thanos"
-  use_existing_k8s_sa = local.kube-prometheus-stack["workload_identity_use_existing_k8s_sa"]
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
 }
 
 resource "kubernetes_secret" "kube-prometheus-stack_thanos" {
@@ -285,14 +315,14 @@ resource "kubernetes_secret" "kube-prometheus-stack_thanos" {
 }
 
 resource "google_storage_bucket_iam_member" "kube_prometheus_stack_thanos_bucket_objectViewer_iam_permission" {
-  count  = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
+  count  = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
   bucket = module.kube-prometheus-stack_kube-prometheus-stack_bucket[0].name
   role   = "roles/storage.objectViewer"
   member = "serviceAccount:${module.iam_assumable_sa_kube-prometheus-stack_thanos[0].gcp_service_account_email}"
 }
 
 resource "google_storage_bucket_iam_member" "kube_prometheus_stack_thanos_bucket_objectAdmin_iam_permission" {
-  count  = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
+  count  = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
   bucket = module.kube-prometheus-stack_kube-prometheus-stack_bucket[0].name
   role   = "roles/storage.objectAdmin"
   member = "serviceAccount:${module.iam_assumable_sa_kube-prometheus-stack_thanos[0].gcp_service_account_email}"
@@ -313,16 +343,16 @@ module "kube-prometheus-stack_grafana-iam-member" {
 }
 
 module "kube-prometheus-stack_thanos_kms_bucket" {
-  count   = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
+  count   = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
   source  = "terraform-google-modules/kms/google"
   version = "~> 3.0"
 
   project_id = var.project_id
-  location   = local.kube-prometheus-stack["thanos_kms_bucket_location"]
+  location   = data.google_client_config.current.region
   keyring    = "thanos"
   keys       = ["thanos"]
   owners = [
-    "serviceAccount:${local.kube-prometheus-stack["cloud_storage_service_account"]}"
+    "serviceAccount:service-${data.google_project.current.number}@gs-project-accounts.iam.gserviceaccount.com"
   ]
   set_owners_for = [
     "thanos"
@@ -330,12 +360,12 @@ module "kube-prometheus-stack_thanos_kms_bucket" {
 }
 
 module "kube-prometheus-stack_kube-prometheus-stack_bucket" {
-  count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
+  count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
   version    = "~> 6.0"
   project_id = var.project_id
-  location   = local.kube-prometheus-stack["thanos_bucket_location"]
+  location   = data.google_client_config.current.region
 
   name = local.kube-prometheus-stack["thanos_bucket"]
 
@@ -390,7 +420,8 @@ resource "helm_release" "kube-prometheus-stack" {
     local.thanos["enabled"] && local.kube-prometheus-stack["thanos_dashboard_enabled"] ? local.values_dashboard_thanos : null,
     local.values_dashboard_node_exporter,
     local.kube-prometheus-stack["thanos_sidecar_enabled"] ? local.values_thanos_sidecar : null,
-    local.kube-prometheus-stack["thanos_sidecar_enabled"] ? local.values_grafana_ds : null,
+    local.thanos-receive["enabled"] ? local.values_thanos_receive : null,
+    ((local.kube-prometheus-stack["thanos_sidecar_enabled"] && local.thanos["enabled"]) || local.thanos-receive["enabled"]) ? local.values_grafana_ds_thanos : local.values_grafana_ds_default,
     local.kube-prometheus-stack["default_global_requests"] ? local.values_kps_global_requests : null,
     local.kube-prometheus-stack["default_global_limits"] ? local.values_kps_global_limits : null,
     local.kube-prometheus-stack["extra_values"]
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index e730b0001..795c2adc7 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -169,7 +169,7 @@ module "loki-stack_kms_bucket" {
   keyring    = "loki-stack"
   keys       = ["loki-stack"]
   owners = [
-    "serviceAccount:${local.loki-stack["cloud_storage_service_account"]}"
+    "serviceAccount:service-${data.google_project.current.number}@gs-project-accounts.iam.gserviceaccount.com"
   ]
   set_owners_for = [
     "loki-stack"
diff --git a/modules/google/thanos-receive.tf b/modules/google/thanos-receive.tf
new file mode 100644
index 000000000..37aa4c781
--- /dev/null
+++ b/modules/google/thanos-receive.tf
@@ -0,0 +1,303 @@
+locals {
+
+  thanos-receive = merge(
+    local.helm_defaults,
+    {
+      name                    = local.helm_dependencies[index(local.helm_dependencies.*.name, "thanos")].name
+      chart                   = local.helm_dependencies[index(local.helm_dependencies.*.name, "thanos")].name
+      repository              = local.helm_dependencies[index(local.helm_dependencies.*.name, "thanos")].repository
+      chart_version           = local.helm_dependencies[index(local.helm_dependencies.*.name, "thanos")].version
+      namespace               = "monitoring"
+      create_iam_resources    = true
+      iam_policy_override     = null
+      create_ns               = false
+      enabled                 = false
+      default_network_policy  = true
+      default_global_requests = false
+      default_global_limits   = false
+      create_bucket           = true
+      bucket                  = "thanos-receive-store-${var.cluster-name}"
+      bucket_force_destroy    = false
+    },
+    var.thanos-receive
+  )
+
+  thanos-receive_bucket = local.thanos["bucket"]
+
+  values_thanos-receive = <<-VALUES
+    receive:
+      extraFlags:
+        - --receive.hashrings-algorithm=ketama
+      enabled: true
+      replicaCount: 2
+      replicationFactor: 1
+      pdb:
+        create: true
+        minAvailable: 1
+      serviceAccount:
+        annotations:
+          iam.gke.io/gcp-service-account: "${local.thanos-receive["enabled"] && local.thanos-receive["create_iam_resources"] ? module.iam_assumable_sa_thanos-receive-receive[0].gcp_service_account_email : ""}"
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: ${local.kube-prometheus-stack["enabled"] ? "true" : "false"}
+    compactor:
+      strategyType: Recreate
+      enabled: true
+      serviceAccount:
+        annotations:
+          iam.gke.io/gcp-service-account: "${local.thanos-receive["enabled"] && local.thanos-receive["create_iam_resources"] ? module.iam_assumable_sa_thanos-receive-compactor[0].gcp_service_account_email : ""}"
+    storegateway:
+      replicaCount: 2
+      enabled: true
+      serviceAccount:
+        annotations:
+          iam.gke.io/gcp-service-account: "${local.thanos-receive["enabled"] && local.thanos-receive["create_iam_resources"] ? module.iam_assumable_sa_thanos-receive-sg[0].gcp_service_account_email : ""}"
+      pdb:
+        create: true
+        minAvailable: 1
+    VALUES
+
+  values_thanos-receive_store_config = <<-VALUES
+    objstoreConfig:
+      type: GCS
+      config:
+        bucket: ${local.thanos-receive["bucket"]}
+    VALUES
+
+  values_thanos-receive_global_requests = <<-VALUES
+    query:
+      resources:
+        requests:
+          cpu: 25m
+          memory: 32Mi
+    queryFrontend:
+      resources:
+        requests:
+          cpu: 25m
+          memory: 32Mi
+    compactor:
+      resources:
+        requests:
+          cpu: 50m
+          memory: 258Mi
+    storegateway:
+      resources:
+        requests:
+          cpu: 25m
+          memory: 64Mi
+    receive:
+      resources:
+        requests:
+          cpu: 200m
+          memory: 512Mi
+    VALUES
+
+  values_thanos-receive_global_limits = <<-VALUES
+    query:
+      resources:
+        limits:
+          memory: 128Mi
+    queryFrontend:
+      resources:
+        limits:
+          memory: 64Mi
+    compactor:
+      resources:
+        limits:
+          memory: 2Gi
+    storegateway:
+      resources:
+        limits:
+          memory: 1Gi
+    receive:
+      resources:
+        limits:
+          memory: 1Gi
+    VALUES
+}
+
+module "iam_assumable_sa_thanos-receive-receive" {
+  count               = local.thanos-receive["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos-receive["namespace"]
+  project_id          = var.project_id
+  name                = local.thanos-receive["name"]
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+}
+
+module "iam_assumable_sa_thanos-receive-compactor" {
+  count               = local.thanos-receive["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos-receive["namespace"]
+  project_id          = var.project_id
+  name                = "${local.thanos-receive["name"]}-compactor"
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+}
+
+module "iam_assumable_sa_thanos-receive-sg" {
+  count               = local.thanos-receive["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos-receive["namespace"]
+  project_id          = var.project_id
+  name                = "${local.thanos-receive["name"]}-storegateway"
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
+}
+
+module "thanos-receive_bucket" {
+  count = local.thanos-receive["enabled"] && local.thanos-receive["create_bucket"] ? 1 : 0
+
+  source     = "terraform-google-modules/cloud-storage/google"
+  version    = "~> 6.0"
+  project_id = var.project_id
+  location   = data.google_client_config.current.region
+
+  names = [local.thanos-receive["bucket"]]
+  encryption_key_names = {
+    "${local.thanos-receive["bucket"]}" = module.thanos-receive_kms_bucket[0].keys.thanos-receive
+  }
+}
+
+module "thanos-receive_kms_bucket" {
+  count   = local.thanos-receive["enabled"] && local.thanos-receive["create_bucket"] ? 1 : 0
+  source  = "terraform-google-modules/kms/google"
+  version = "~> 3.0"
+
+  project_id = var.project_id
+  location   = data.google_client_config.current.region
+  keyring    = "thanos-receive"
+  keys       = ["thanos-receive"]
+  owners = [
+    "serviceAccount:service-${data.google_project.current.number}@gs-project-accounts.iam.gserviceaccount.com"
+  ]
+  set_owners_for = [
+    "thanos-receive"
+  ]
+}
+
+# GCS permissions for thanos-receive service account
+resource "google_storage_bucket_iam_member" "thanos-receive-receive_gcs_iam_objectViewer_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectViewer"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-receive[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+resource "google_storage_bucket_iam_member" "thanos-receive_receive_gcs_iam_objectCreator_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectCreator"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-receive[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+# GCS permissions for thanos-receive compactor service account
+resource "google_storage_bucket_iam_member" "thanos-receive_compactor_gcs_iam_objectViewer_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectViewer"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-compactor[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+resource "google_storage_bucket_iam_member" "thanos-receive_compactor_gcs_iam_objectCreator_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectCreator"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-compactor[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+resource "google_storage_bucket_iam_member" "thanos-receive_compactor_gcs_iam_legacyBucketWriter_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.legacyBucketWriter"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-compactor[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+# GCS permissions for thanos-receive storage gateway service account
+resource "google_storage_bucket_iam_member" "thanos-receive_sg_gcs_iam_objectViewer_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectViewer"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-sg[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+resource "google_storage_bucket_iam_member" "thanos-receive_sg_gcs_iam_objectCreator_permissions" {
+  count  = local.thanos-receive["enabled"] ? 1 : 0
+  bucket = local.thanos-receive["bucket"]
+  role   = "roles/storage.objectCreator"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive-sg[0].gcp_service_account_email}"
+  depends_on = [
+    module.thanos-receive_bucket
+  ]
+}
+
+resource "kubernetes_namespace" "thanos-receive" {
+  count = local.thanos-receive["enabled"] && local.thanos-receive["create_ns"] ? 1 : 0
+
+  metadata {
+    labels = {
+      name                               = local.thanos-receive["namespace"]
+      "${local.labels_prefix}/component" = "monitoring"
+    }
+
+    name = local.thanos-receive["namespace"]
+  }
+}
+
+resource "helm_release" "thanos-receive" {
+  count                 = local.thanos-receive["enabled"] ? 1 : 0
+  repository            = local.thanos-receive["repository"]
+  name                  = local.thanos-receive["name"]
+  chart                 = local.thanos-receive["chart"]
+  version               = local.thanos-receive["chart_version"]
+  timeout               = local.thanos-receive["timeout"]
+  force_update          = local.thanos-receive["force_update"]
+  recreate_pods         = local.thanos-receive["recreate_pods"]
+  wait                  = local.thanos-receive["wait"]
+  atomic                = local.thanos-receive["atomic"]
+  cleanup_on_fail       = local.thanos-receive["cleanup_on_fail"]
+  dependency_update     = local.thanos-receive["dependency_update"]
+  disable_crd_hooks     = local.thanos-receive["disable_crd_hooks"]
+  disable_webhooks      = local.thanos-receive["disable_webhooks"]
+  render_subchart_notes = local.thanos-receive["render_subchart_notes"]
+  replace               = local.thanos-receive["replace"]
+  reset_values          = local.thanos-receive["reset_values"]
+  reuse_values          = local.thanos-receive["reuse_values"]
+  skip_crds             = local.thanos-receive["skip_crds"]
+  verify                = local.thanos-receive["verify"]
+  values = compact([
+    local.values_thanos-receive,
+    local.values_thanos-receive_store_config,
+    local.thanos-receive["default_global_requests"] ? local.values_thanos-receive_global_requests : null,
+    local.thanos-receive["default_global_limits"] ? local.values_thanos-receive_global_limits : null,
+    local.thanos-receive["extra_values"]
+  ])
+  namespace = local.thanos-receive["create_ns"] ? kubernetes_namespace.thanos-receive.*.metadata.0.name[count.index] : local.thanos-receive["namespace"]
+
+  depends_on = [
+    helm_release.kube-prometheus-stack,
+  ]
+}
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index e77f50fa6..33d94c261 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -28,8 +28,8 @@ locals {
   )
 
   thanos_bucket = (
-    local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? module.kube-prometheus-stack_kube-prometheus-stack_bucket[0].name :
-    local.thanos["create_bucket"] ? module.thanos_bucket[0] : local.thanos["bucket"]
+    local.thanos["enabled"] && local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? module.kube-prometheus-stack_kube-prometheus-stack_bucket[0].name :
+    local.thanos["enabled"] && local.thanos["create_bucket"] ? module.thanos_bucket[0] : local.thanos["bucket"]
   )
 
   values_thanos = <<-VALUES
@@ -40,7 +40,7 @@ locals {
         minAvailable: 1
       serviceAccount:
         annotations:
-          iam.gke.io/gcp-service-account: "${local.thanos["enabled"] && local.thanos["create_iam_resources"] ? module.iam_assumable_sa_thanos[0].gcp_service_account_email : ""}"
+          iam.gke.io/gcp-service-account: "${local.thanos["enabled"] && local.thanos["create_iam_resources"] ? module.iam_assumable_sa_thanos-receive[0].gcp_service_account_email : ""}"
     metrics:
       enabled: true
       serviceMonitor:
@@ -221,31 +221,37 @@ locals {
     VALUES
 }
 
-module "iam_assumable_sa_thanos" {
-  count      = local.thanos["enabled"] ? 1 : 0
-  source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version    = "~> 33.0"
-  namespace  = local.thanos["namespace"]
-  project_id = var.project_id
-  name       = local.thanos["name"]
+module "iam_assumable_sa_thanos-receive" {
+  count               = local.thanos["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos["namespace"]
+  project_id          = var.project_id
+  name                = "${local.thanos["name"]}-receive"
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
 }
 
 module "iam_assumable_sa_thanos-compactor" {
-  count      = local.thanos["enabled"] ? 1 : 0
-  source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version    = "~> 33.0"
-  namespace  = local.thanos["namespace"]
-  project_id = var.project_id
-  name       = "${local.thanos["name"]}-compactor"
+  count               = local.thanos["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos["namespace"]
+  project_id          = var.project_id
+  name                = "${local.thanos["name"]}-compactor"
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
 }
 
 module "iam_assumable_sa_thanos-sg" {
-  count      = local.thanos["enabled"] ? 1 : 0
-  source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version    = "~> 33.0"
-  namespace  = local.thanos["namespace"]
-  project_id = var.project_id
-  name       = "${local.thanos["name"]}-sg"
+  count               = local.thanos["enabled"] ? 1 : 0
+  source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+  version             = "~> 33.0"
+  namespace           = local.thanos["namespace"]
+  project_id          = var.project_id
+  name                = "${local.thanos["name"]}-storegateway"
+  use_existing_k8s_sa = true
+  annotate_k8s_sa     = false
 }
 
 module "thanos_bucket" {
@@ -274,7 +280,7 @@ module "thanos_kms_bucket" {
   keyring    = "thanos"
   keys       = ["thanos"]
   owners = [
-    "serviceAccount:${local.thanos["cloud_storage_service_account"]}"
+    "serviceAccount:service-${data.google_project.current.number}@gs-project-accounts.iam.gserviceaccount.com"
   ]
   set_owners_for = [
     "thanos"
@@ -282,18 +288,18 @@ module "thanos_kms_bucket" {
 }
 
 # GCS permissions for thanos service account
-resource "google_storage_bucket_iam_member" "thanos_gcs_iam_objectViewer_permissions" {
+resource "google_storage_bucket_iam_member" "thanos_receive_gcs_iam_objectViewer_permissions" {
   count  = local.thanos["enabled"] ? 1 : 0
   bucket = local.thanos_bucket
   role   = "roles/storage.objectViewer"
-  member = "serviceAccount:${module.iam_assumable_sa_thanos[0].gcp_service_account_email}"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive[0].gcp_service_account_email}"
 }
 
-resource "google_storage_bucket_iam_member" "thanos_gcs_iam_objectCreator_permissions" {
+resource "google_storage_bucket_iam_member" "thanos_receive_gcs_iam_objectCreator_permissions" {
   count  = local.thanos["enabled"] ? 1 : 0
   bucket = local.thanos_bucket
   role   = "roles/storage.objectCreator"
-  member = "serviceAccount:${module.iam_assumable_sa_thanos[0].gcp_service_account_email}"
+  member = "serviceAccount:${module.iam_assumable_sa_thanos-receive[0].gcp_service_account_email}"
 }
 
 # GCS permissions for thanos compactor service account
@@ -384,13 +390,13 @@ resource "helm_release" "thanos" {
 }
 
 resource "tls_private_key" "thanos-tls-querier-ca-key" {
-  count       = local.thanos["generate_ca"] ? 1 : 0
+  count       = local.thanos["enabled"] && local.thanos["generate_ca"] ? 1 : 0
   algorithm   = "ECDSA"
   ecdsa_curve = "P384"
 }
 
 resource "tls_self_signed_cert" "thanos-tls-querier-ca-cert" {
-  count             = local.thanos["generate_ca"] ? 1 : 0
+  count             = local.thanos["enabled"] && local.thanos["generate_ca"] ? 1 : 0
   private_key_pem   = tls_private_key.thanos-tls-querier-ca-key[0].private_key_pem
   is_ca_certificate = true
 
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index 6577aded7..97667c2ed 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -263,6 +263,7 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags for Scaleway resources | `map(any)` | `{}` | no |
 | <a name="input_thanos"></a> [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-memcached"></a> [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
+| <a name="input_thanos-receive"></a> [thanos-receive](#input\_thanos-receive) | Customize thanos chart, see `thanos-receive.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-storegateway"></a> [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_thanos-tls-querier"></a> [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | <a name="input_tigera-operator"></a> [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
diff --git a/variables.tf b/variables.tf
index 66575f67f..3b46ca7a9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -202,6 +202,12 @@ variable "thanos-memcached" {
   default     = {}
 }
 
+variable "thanos-receive" {
+  description = "Customize thanos chart, see `thanos-receive.tf` for supported values"
+  type        = any
+  default     = {}
+}
+
 variable "tigera-operator" {
   description = "Customize tigera-operator chart, see `tigera-operator.tf` for supported values"
   type        = any

From 21d73ff07c2194777e49b1d6b00c41e866d0cf29 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 6 Oct 2024 11:35:31 +0200
Subject: [PATCH 05/58] feat(charts): update helm release kube-prometheus-stack
 to 65.0.0 (was ) (#3010)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 7fd90baac..2db29b978 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 64.0.0
+    version: 65.0.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 793827a58e810aeedd89ae88171e3f09d91ce437 Mon Sep 17 00:00:00 2001
From: "Thomas P." <TPXP@users.noreply.github.com>
Date: Sun, 6 Oct 2024 11:35:52 +0200
Subject: [PATCH 06/58] enh(cert-manager): switch from installCRDs to
 crds.enabled (#3015)

This was introduced in v1.14.0 of the chart, and installCRDs is deprecated now

> WARNING: `installCRDs` is deprecated, use `crds.enabled` instead.

Signed-off-by: Thomas P. <TPXP@users.noreply.github.com>
---
 cert-manager.tf                  | 3 ++-
 modules/aws/cert-manager.tf      | 3 ++-
 modules/google/cert-manager.tf   | 3 ++-
 modules/scaleway/cert-manager.tf | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/cert-manager.tf b/cert-manager.tf
index 103835cfb..9c7404de9 100644
--- a/cert-manager.tf
+++ b/cert-manager.tf
@@ -30,7 +30,8 @@ prometheus:
     enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
 securityContext:
   fsGroup: 1001
-installCRDs: true
+crds:
+  enabled: true
 VALUES
 
 }
diff --git a/modules/aws/cert-manager.tf b/modules/aws/cert-manager.tf
index 74ae1bd33..43965ce93 100644
--- a/modules/aws/cert-manager.tf
+++ b/modules/aws/cert-manager.tf
@@ -37,7 +37,8 @@ prometheus:
     enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
 securityContext:
   fsGroup: 1001
-installCRDs: true
+crds:
+  enabled: true
 VALUES
 
 }
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 4d6ca09f0..3752bf8af 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -48,7 +48,8 @@ prometheus:
     honorLabels: true
 securityContext:
   fsGroup: 1001
-installCRDs: true
+crds:
+  enabled: true
 VALUES
 }
 
diff --git a/modules/scaleway/cert-manager.tf b/modules/scaleway/cert-manager.tf
index 8d8adb914..0f116786a 100644
--- a/modules/scaleway/cert-manager.tf
+++ b/modules/scaleway/cert-manager.tf
@@ -53,7 +53,8 @@ prometheus:
     enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
 securityContext:
   fsGroup: 1001
-installCRDs: true
+crds:
+  enabled: true
 VALUES
 
 }

From cdb67373c8568daf74373f3718f9ecc948a6f1fe Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 6 Oct 2024 22:48:04 +0000
Subject: [PATCH 07/58] feat(charts): update helm release kube-prometheus-stack
 to 65.1.0 (was ) (#3019)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2db29b978..36d5dbb33 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.0.0
+    version: 65.1.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 022504ae0d2753ba84502303c667ba227114e924 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 00:50:26 +0000
Subject: [PATCH 08/58] fix(charts): update helm release metrics-server to
 3.12.2 (was ) (#3020)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 36d5dbb33..5947862a6 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -78,7 +78,7 @@ dependencies:
     version: 6.16.6
     repository: https://grafana.github.io/helm-charts
   - name: metrics-server
-    version: 3.12.1
+    version: 3.12.2
     repository: https://kubernetes-sigs.github.io/metrics-server/
   - name: node-problem-detector
     version: 2.3.13

From 62988b3e99002e175fc731712f721e13bc19d442 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 09:49:57 +0000
Subject: [PATCH 09/58] fix(charts): update helm release kube-prometheus-stack
 to 65.1.1 (was ) (#3021)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 5947862a6..f93697c85 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.1.0
+    version: 65.1.1
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From f5adae63bd03d14248abba63629d6158416d5ac2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 09:53:04 +0000
Subject: [PATCH 10/58] fix(charts): update helm release thanos to 15.7.28 (was
 ) (#3022)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index f93697c85..3ab383474 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
     version: 2.16.1
     repository: https://bitnami-labs.github.io/sealed-secrets
   - name: thanos
-    version: 15.7.27
+    version: 15.7.28
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
     version: v3.28.2

From 0fe38aceb1bf648d0054e0cca296db8b5e1c41ba Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 13:42:35 +0000
Subject: [PATCH 11/58] fix(charts): update helm release
 prometheus-blackbox-exporter to 9.0.1 (was ) (#3023)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 3ab383474..ded36f16c 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -90,7 +90,7 @@ dependencies:
     version: 0.26.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-blackbox-exporter
-    version: 9.0.0
+    version: 9.0.1
     repository: https://prometheus-community.github.io/helm-charts
   - name: scaleway-webhook
     version: v0.0.1

From ae1e0d6634535db25a0145ad3224108ac55a2924 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 00:58:33 +0000
Subject: [PATCH 12/58] fix(charts): update helm release ingress-nginx to
 4.11.3 (was ) (#3024)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index ded36f16c..4b8106867 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -39,7 +39,7 @@ dependencies:
     version: 1.13.3
     repository: https://charts.fluxcd.io
   - name: ingress-nginx
-    version: 4.11.2
+    version: 4.11.3
     repository: https://kubernetes.github.io/ingress-nginx
   - name: k8gb
     version: v0.14.0

From b5b2fea191689bf9f881cffb826f6543eb0f11d3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 17:00:14 +0000
Subject: [PATCH 13/58] fix(charts): update helm release cert-manager to
 v1.16.1 (was ) (#3025)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 4b8106867..35cde7d5b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -24,7 +24,7 @@ dependencies:
     version: 0.21.0
     repository: https://aws.github.io/eks-charts
   - name: cert-manager
-    version: v1.16.0
+    version: v1.16.1
     repository: https://charts.jetstack.io
   - name: cert-manager-csi-driver
     version: v0.10.1

From 1d4a539109a2abfd07918078960440c5c546c42d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 17:03:01 +0000
Subject: [PATCH 14/58] fix(charts): update helm release node-problem-detector
 to 2.3.14 (was ) (#3026)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 35cde7d5b..002147a69 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -81,7 +81,7 @@ dependencies:
     version: 3.12.2
     repository: https://kubernetes-sigs.github.io/metrics-server/
   - name: node-problem-detector
-    version: 2.3.13
+    version: 2.3.14
     repository: https://charts.deliveryhero.io/
   - name: prometheus-adapter
     version: 4.11.0

From d093ebd4fb8ec5e719587af7e85df29f1f3f3186 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 10 Oct 2024 02:00:47 +0000
Subject: [PATCH 15/58] fix(charts): update helm release
 secrets-store-csi-driver to 1.4.6 (was ) (#3028)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 002147a69..c2ffa40a8 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -6,7 +6,7 @@ dependencies:
     version: 0.13.2
     repository: https://charts.admiralty.io
   - name: secrets-store-csi-driver
-    version: 1.4.5
+    version: 1.4.6
     repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
   - name: aws-ebs-csi-driver
     version: 2.35.1

From 1d18947357525a908e6731bf1eb374df65f8f353 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 10 Oct 2024 07:55:50 +0000
Subject: [PATCH 16/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.1 (was ) (#3029)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c2ffa40a8..072e7dcfe 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.0
+    version: 0.27.1
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From b5b00a0fec8e680d2603b114a51882464d45a28f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 10 Oct 2024 10:09:45 +0000
Subject: [PATCH 17/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.2 (was ) (#3030)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 072e7dcfe..207de86b1 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.1
+    version: 0.27.2
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From 983d7c3fb01c0d11256688422954a5afe210a61d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 11 Oct 2024 15:08:19 +0000
Subject: [PATCH 18/58] chore(ci): update clowdhaus/terraform-composite-actions
 action to v1.11.1 (was ) (#3032)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/pre-commit.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 7b2d85a91..070609a25 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.11.0
+        uses: clowdhaus/terraform-composite-actions/directories@v1.11.1
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -44,7 +44,7 @@ jobs:
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
@@ -52,7 +52,7 @@ jobs:
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
@@ -73,7 +73,7 @@ jobs:
         uses: clowdhaus/terraform-min-max@v1.3.1
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}

From 01b23d2ff99efdc2cf274a1c3ec1be55594ac0f4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 11 Oct 2024 15:11:29 +0000
Subject: [PATCH 19/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.3 (was ) (#3031)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 207de86b1..8eaaa3f47 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.2
+    version: 0.27.3
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From ff177bf7f2d58a7ef0fe6617e16c99d4b1d81939 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 11 Oct 2024 19:27:27 +0000
Subject: [PATCH 20/58] fix(charts): update helm release traefik to 32.1.1 (was
 ) (#3033)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 8eaaa3f47..831516a01 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
     version: v3.28.2
     repository: https://docs.projectcalico.org/charts
   - name: traefik
-    version: 32.1.0
+    version: 32.1.1
     repository: https://helm.traefik.io/traefik
   - name: memcached
     version: 7.5.0

From 73e47ed3bfe3d28ee859ee86861426efa0cf5381 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 12 Oct 2024 03:07:42 +0000
Subject: [PATCH 21/58] fix(charts): update helm release
 aws-load-balancer-controller to 1.9.1 (was ) (#3034)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 831516a01..cb013cafa 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -18,7 +18,7 @@ dependencies:
     version: 0.1.34
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.9.0
+    version: 1.9.1
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0

From 94e7f1829452818cbc3c557f2d029722a84a075c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 12 Oct 2024 09:46:57 +0000
Subject: [PATCH 22/58] feat(charts): update helm release kube-prometheus-stack
 to 65.2.0 (was ) (#3035)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index cb013cafa..0aa657961 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.1.1
+    version: 65.2.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 3188df5be227b9aa56e0ac200a4e75f65a61fd0f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 12 Oct 2024 19:40:39 +0000
Subject: [PATCH 23/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.4 (was ) (#3036)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 0aa657961..434e51269 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.3
+    version: 0.27.4
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From 1fbe40b5b80d2e0bd73676a9aa8be2615167e549 Mon Sep 17 00:00:00 2001
From: "Thomas P." <TPXP@users.noreply.github.com>
Date: Mon, 14 Oct 2024 16:15:15 +0200
Subject: [PATCH 24/58] fix(renovate): correct typo in commit message template
 (#3037)

Signed-off-by: Thomas P. <TPXP@users.noreply.github.com>
---
 .github/renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/renovate.json b/.github/renovate.json
index cbc44bb5b..836290545 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -38,7 +38,7 @@
   "reviewers": [
     "team:team"
   ],
-  "commitMessageExtra": "to {{newVersion}} (was {{curentVersion}})",
+  "commitMessageExtra": "to {{newVersion}} (was {{currentVersion}})",
   "prHourlyLimit": 0,
   "packageRules": [
     {

From 7b7f3c9122c663b7aab9423d43e4661eaf80ab94 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 20:24:07 +0000
Subject: [PATCH 25/58] fix(charts): update helm release thanos to 15.7.29 (was
 15.7.28) (#3038)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 434e51269..0c2ff26a1 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
     version: 2.16.1
     repository: https://bitnami-labs.github.io/sealed-secrets
   - name: thanos
-    version: 15.7.28
+    version: 15.7.29
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
     version: v3.28.2

From 57ecd7265ef3f46dda930f7e9c3f4256d315012b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 16:15:44 +0000
Subject: [PATCH 26/58] feat(charts): update helm release aws-ebs-csi-driver to
 2.36.0 (was 2.35.1) (#3039)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 0c2ff26a1..aaf8abc6f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -9,7 +9,7 @@ dependencies:
     version: 1.4.6
     repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
   - name: aws-ebs-csi-driver
-    version: 2.35.1
+    version: 2.36.0
     repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
   - name: aws-efs-csi-driver
     version: 3.0.8

From 17d8673fc2f89067fb7c8056a81f4b561d1a727d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 19:53:17 +0000
Subject: [PATCH 27/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.5 (was 0.27.4) (#3040)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index aaf8abc6f..036b4b356 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.4
+    version: 0.27.5
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From dd986539320b5c203ccd0aa7a63498223528149c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 16 Oct 2024 22:20:37 +0000
Subject: [PATCH 28/58] feat(charts): update helm release loki to 6.18.0 (was
 6.16.0) (#3044)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 036b4b356..2eb9d79b6 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
     version: 30.12.11
     repository: https://helm.linkerd.io/stable
   - name: loki
-    version: 6.16.0
+    version: 6.18.0
     repository: https://grafana.github.io/helm-charts
   - name: promtail
     version: 6.16.6

From 35842399d4921114b1f5f70e8704cbee6c324614 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 09:29:32 +0000
Subject: [PATCH 29/58] feat(charts): update helm release kube-prometheus-stack
 to 65.3.1 (was 65.2.0) (#3045)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2eb9d79b6..54bbbafa9 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.2.0
+    version: 65.3.1
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 9dafb87f74742f2fbbe5da497bf530a8a32e9b66 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 12:30:55 +0000
Subject: [PATCH 30/58] fix(charts): update helm release keda to 2.15.2 (was
 2.15.1) (#3046)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 54bbbafa9..7e8b8305f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -51,7 +51,7 @@ dependencies:
     version: 1.0.6
     repository: oci://public.ecr.aws/karpenter
   - name: keda
-    version: 2.15.1
+    version: 2.15.2
     repository: https://kedacore.github.io/charts
   - name: kong
     version: 2.42.0

From a00c3b923b22c14eb1ac83cbaaefb4b092da52dd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 19:38:52 +0000
Subject: [PATCH 31/58] fix(charts): update helm release memcached to 7.5.1
 (was 7.5.0) (#3049)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 7e8b8305f..6eba0f83e 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -108,7 +108,7 @@ dependencies:
     version: 32.1.1
     repository: https://helm.traefik.io/traefik
   - name: memcached
-    version: 7.5.0
+    version: 7.5.1
     repository: https://charts.bitnami.com/bitnami
   - name: velero
     version: 7.2.1

From 88de877f0ba82d3e0122433719e04173f2711f5f Mon Sep 17 00:00:00 2001
From: "Thomas P." <TPXP@users.noreply.github.com>
Date: Fri, 18 Oct 2024 06:23:35 +0200
Subject: [PATCH 32/58] fix(loki): workaround targetdown alert for loki-gateway
 (#3043)

We wouldn't get much details from nginx anyway as the pod is nginx OSS,
so let's forget about metrics for this component

Ref: https://github.com/grafana/loki/issues/9522#issuecomment-2183086539

Signed-off-by: Thomas P. <TPXP@users.noreply.github.com>
---
 loki-stack.tf                  | 4 ++++
 modules/aws/loki-stack.tf      | 4 ++++
 modules/google/loki-stack.tf   | 4 ++++
 modules/scaleway/loki-stack.tf | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/loki-stack.tf b/loki-stack.tf
index 1dd38dedc..03c14ec3d 100644
--- a/loki-stack.tf
+++ b/loki-stack.tf
@@ -22,6 +22,10 @@ locals {
 priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
 serviceMonitor:
   enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
+gateway:
+  service:
+    labels:
+      prometheus.io/service-monitor: "false"
 VALUES
 }
 
diff --git a/modules/aws/loki-stack.tf b/modules/aws/loki-stack.tf
index fba1f0a4e..e581e9222 100644
--- a/modules/aws/loki-stack.tf
+++ b/modules/aws/loki-stack.tf
@@ -30,6 +30,10 @@ locals {
       enabled: false
     serviceMonitor:
       enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
+    gateway:
+      service:
+        labels:
+          prometheus.io/service-monitor: "false"
     priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
     serviceAccount:
       name: ${local.loki-stack["name"]}
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index 795c2adc7..5688ff90c 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -32,6 +32,10 @@ locals {
       enabled: false
     serviceMonitor:
       enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
+    gateway:
+      service:
+        labels:
+          prometheus.io/service-monitor: "false"
     priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
     serviceAccount:
       create: false
diff --git a/modules/scaleway/loki-stack.tf b/modules/scaleway/loki-stack.tf
index 4d508acaf..2d503ecdc 100644
--- a/modules/scaleway/loki-stack.tf
+++ b/modules/scaleway/loki-stack.tf
@@ -26,6 +26,10 @@ locals {
       dnsService: coredns
     serviceMonitor:
       enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
+    gateway:
+      service:
+        labels:
+          prometheus.io/service-monitor: "false"
     priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
     persistence:
       enabled: true

From 0559b4f2add61400afe51500afe71605bda4c8c2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 06:23:54 +0200
Subject: [PATCH 33/58] feat(tf): update terraform
 github.com/terraform-google-modules/terraform-google-cloud-storage to v8.0.0
 (was v6.1.0) (#3047)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 modules/google/velero.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/google/velero.tf b/modules/google/velero.tf
index f3e1943dd..3270513ae 100644
--- a/modules/google/velero.tf
+++ b/modules/google/velero.tf
@@ -121,7 +121,7 @@ resource "google_service_account_iam_policy" "admin-account-iam" {
 
 module "velero_bucket" {
   count  = (local.velero["enabled"] && local.velero["create_bucket"]) ? 1 : 0
-  source = "github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket?ref=v6.1.0"
+  source = "github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket?ref=v8.0.0"
 
   name       = local.velero["name_prefix"]
   project_id = data.google_project.current.project_id

From f3d78c9eb9670c21fbf85b9019dab832f02422a3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 06:24:07 +0200
Subject: [PATCH 34/58] feat(tf): update terraform
 terraform-google-modules/kubernetes-engine/google to 33.1.0 (was 33.0.4)
 (#3027)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 modules/google/cert-manager.tf | 2 +-
 modules/google/external-dns.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 3752bf8af..3de35852d 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -58,7 +58,7 @@ VALUES
 module "cert_manager_workload_identity" {
   count               = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0.0"
+  version             = "~> 33.1.0"
   name                = local.cert-manager.service_account_name
   namespace           = local.cert-manager.namespace
   project_id          = local.cert-manager.project_id
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index 510fe427c..63e2c8fe6 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
 # to be allowed to use the workload identity on GKE.
 module "external_dns_workload_identity" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version = "~> 33.0.0"
+  version = "~> 33.1.0"
 
   for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
 

From 11a34a2c8da900377492a872fa11bac9239eee9e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 06:24:14 +0200
Subject: [PATCH 35/58] feat(tf): update terraform
 terraform-google-modules/cloud-storage/google to 8.0.0 (was 6.1.0) (#3048)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 modules/google/kube-prometheus.tf | 2 +-
 modules/google/loki-stack.tf      | 2 +-
 modules/google/thanos-receive.tf  | 2 +-
 modules/google/thanos.tf          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index b27d48755..c731b9513 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -363,7 +363,7 @@ module "kube-prometheus-stack_kube-prometheus-stack_bucket" {
   count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 6.0"
+  version    = "~> 8.0"
   project_id = var.project_id
   location   = data.google_client_config.current.region
 
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index 5688ff90c..c23bf5c57 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -184,7 +184,7 @@ module "loki-stack_bucket" {
   count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 6.0"
+  version    = "~> 8.0"
   project_id = var.project_id
   location   = local.loki-stack["bucket_location"]
 
diff --git a/modules/google/thanos-receive.tf b/modules/google/thanos-receive.tf
index 37aa4c781..d20014d5c 100644
--- a/modules/google/thanos-receive.tf
+++ b/modules/google/thanos-receive.tf
@@ -154,7 +154,7 @@ module "thanos-receive_bucket" {
   count = local.thanos-receive["enabled"] && local.thanos-receive["create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google"
-  version    = "~> 6.0"
+  version    = "~> 8.0"
   project_id = var.project_id
   location   = data.google_client_config.current.region
 
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index 33d94c261..f7d304594 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -258,7 +258,7 @@ module "thanos_bucket" {
   count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 6.0"
+  version    = "~> 8.0"
   project_id = var.project_id
   location   = local.thanos["bucket_location"]
 

From 730a01a03271a5436cc8b538f5dc0016e42075a2 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Fri, 18 Oct 2024 06:27:15 +0200
Subject: [PATCH 36/58] chore: fix pre-commit

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 .pre-commit-config.yaml  |  4 ++--
 modules/google/README.md | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d08006a75..98c7459b9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -9,11 +9,11 @@ repos:
         - --tf-init-args=-upgrade
     - id: terraform_docs
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.6.0
+  rev: v5.0.0
   hooks:
     - id: check-merge-conflict
     - id: end-of-file-fixer
 - repo: https://github.com/renovatebot/pre-commit-hooks
-  rev: 38.106.4
+  rev: 38.126.2
   hooks:
     - id: renovate-config-validator
diff --git a/modules/google/README.md b/modules/google/README.md
index dc23b9a80..57585811c 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -48,8 +48,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0.0 |
-| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0.0 |
+| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.1.0 |
+| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.1.0 |
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_grafana"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_thanos"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_loki-stack"></a> [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
@@ -61,17 +61,17 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="module_iam_assumable_sa_thanos-sg"></a> [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_iam_assumable_sa_thanos-storegateway"></a> [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
 | <a name="module_kube-prometheus-stack_grafana-iam-member"></a> [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 8.0 |
-| <a name="module_kube-prometheus-stack_kube-prometheus-stack_bucket"></a> [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
+| <a name="module_kube-prometheus-stack_kube-prometheus-stack_bucket"></a> [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 8.0 |
 | <a name="module_kube-prometheus-stack_thanos_kms_bucket"></a> [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
-| <a name="module_loki-stack_bucket"></a> [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
+| <a name="module_loki-stack_bucket"></a> [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 8.0 |
 | <a name="module_loki-stack_bucket_iam"></a> [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
 | <a name="module_loki-stack_kms_bucket"></a> [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
-| <a name="module_thanos-receive_bucket"></a> [thanos-receive\_bucket](#module\_thanos-receive\_bucket) | terraform-google-modules/cloud-storage/google | ~> 6.0 |
+| <a name="module_thanos-receive_bucket"></a> [thanos-receive\_bucket](#module\_thanos-receive\_bucket) | terraform-google-modules/cloud-storage/google | ~> 8.0 |
 | <a name="module_thanos-receive_kms_bucket"></a> [thanos-receive\_kms\_bucket](#module\_thanos-receive\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
 | <a name="module_thanos-storegateway_bucket_iam"></a> [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
-| <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
+| <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 8.0 |
 | <a name="module_thanos_kms_bucket"></a> [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
-| <a name="module_velero_bucket"></a> [velero\_bucket](#module\_velero\_bucket) | github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket | v6.1.0 |
+| <a name="module_velero_bucket"></a> [velero\_bucket](#module\_velero\_bucket) | github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket | v8.0.0 |
 
 ## Resources
 

From 2d82d602c4200756aa57de087a96176349dab4f2 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Fri, 18 Oct 2024 13:58:22 +0200
Subject: [PATCH 37/58] fix(google): velero condition

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 modules/google/velero.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/google/velero.tf b/modules/google/velero.tf
index 3270513ae..1008b8e95 100644
--- a/modules/google/velero.tf
+++ b/modules/google/velero.tf
@@ -49,7 +49,7 @@ serviceAccount:
     name: ${local.velero["service_account_name"]}
     create: true
     annotations:
-      iam.gke.io/gcp-service-account: ${local.velero["create_iam_account"] ? google_service_account.velero[0].email : ""}
+       ${local.velero["create_iam_account"] ? "iam.gke.io/gcp-service-account: ${google_service_account.velero[0].email}" : ""}
 priorityClassName: ${local.priority-class-ds["create"] ? kubernetes_priority_class.kubernetes_addons_ds[0].metadata[0].name : ""}
 credentials:
   useSecret: false

From e8c76728f6b04576e9d0c8fd98d2e99be06d2898 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Fri, 18 Oct 2024 13:59:02 +0200
Subject: [PATCH 38/58] feat(google): enable thanos dashboard when receiver is
 enable

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 modules/google/kube-prometheus.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index c731b9513..a2886828c 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -417,7 +417,7 @@ resource "helm_release" "kube-prometheus-stack" {
   values = compact([
     local.values_kube-prometheus-stack,
     local.ingress-nginx["enabled"] ? local.values_dashboard_ingress-nginx : null,
-    local.thanos["enabled"] && local.kube-prometheus-stack["thanos_dashboard_enabled"] ? local.values_dashboard_thanos : null,
+    ((local.thanos["enabled"] && local.kube-prometheus-stack["thanos_dashboard_enabled"]) || local.thanos-receive["enabled"]) ? local.values_dashboard_thanos : null,
     local.values_dashboard_node_exporter,
     local.kube-prometheus-stack["thanos_sidecar_enabled"] ? local.values_thanos_sidecar : null,
     local.thanos-receive["enabled"] ? local.values_thanos_receive : null,

From a4222655fb453bda388440540792ebd94e7a433e Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Fri, 18 Oct 2024 13:59:44 +0200
Subject: [PATCH 39/58] fix(google): thanos receive multiple replicas

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 modules/google/thanos-receive.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/google/thanos-receive.tf b/modules/google/thanos-receive.tf
index d20014d5c..0afd052ae 100644
--- a/modules/google/thanos-receive.tf
+++ b/modules/google/thanos-receive.tf
@@ -22,18 +22,18 @@ locals {
     var.thanos-receive
   )
 
-  thanos-receive_bucket = local.thanos["bucket"]
-
   values_thanos-receive = <<-VALUES
     receive:
       extraFlags:
         - --receive.hashrings-algorithm=ketama
       enabled: true
-      replicaCount: 2
-      replicationFactor: 1
+      replicaCount: 3
+      replicationFactor: 2
       pdb:
         create: true
         minAvailable: 1
+      service:
+        additionalHeadless: true
       serviceAccount:
         annotations:
           iam.gke.io/gcp-service-account: "${local.thanos-receive["enabled"] && local.thanos-receive["create_iam_resources"] ? module.iam_assumable_sa_thanos-receive-receive[0].gcp_service_account_email : ""}"
@@ -123,7 +123,7 @@ module "iam_assumable_sa_thanos-receive-receive" {
   version             = "~> 33.0"
   namespace           = local.thanos-receive["namespace"]
   project_id          = var.project_id
-  name                = local.thanos-receive["name"]
+  name                = "${local.thanos-receive["name"]}-receive"
   use_existing_k8s_sa = true
   annotate_k8s_sa     = false
 }

From c7eb2f50d703aa10ed0e585411c034e12f1ed7ae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 17:23:20 +0000
Subject: [PATCH 40/58] fix(charts): update helm release
 aws-load-balancer-controller to 1.9.2 (was 1.9.1) (#3050)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 6eba0f83e..dd0423cc7 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -18,7 +18,7 @@ dependencies:
     version: 0.1.34
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.9.1
+    version: 1.9.2
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0

From d7545a2a190219b4016c1e4056b718ffd2b45d9e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 00:59:41 +0000
Subject: [PATCH 41/58] fix(charts): update helm release memcached to 7.5.2
 (was 7.5.1) (#3051)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index dd0423cc7..43d10c68e 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -108,7 +108,7 @@ dependencies:
     version: 32.1.1
     repository: https://helm.traefik.io/traefik
   - name: memcached
-    version: 7.5.1
+    version: 7.5.2
     repository: https://charts.bitnami.com/bitnami
   - name: velero
     version: 7.2.1

From 8139ee124b463b63c6431a91e173cc5ee60a3d76 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 20:10:40 +0000
Subject: [PATCH 42/58] fix(charts): update helm release
 victoria-metrics-k8s-stack to 0.27.6 (was 0.27.5) (#3052)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 43d10c68e..a45634e95 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
     version: 7.2.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.27.5
+    version: 0.27.6
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

From 708db98b02c18f7f857ca6911c49b4b75e78c95a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 01:27:40 +0000
Subject: [PATCH 43/58] fix(charts): update helm release cluster-autoscaler to
 9.43.1 (was 9.43.0) (#3053)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index a45634e95..3dd474eb8 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -30,7 +30,7 @@ dependencies:
     version: v0.10.1
     repository: https://charts.jetstack.io
   - name: cluster-autoscaler
-    version: 9.43.0
+    version: 9.43.1
     repository: https://kubernetes.github.io/autoscaler
   - name: external-dns
     version: 1.15.0

From 764140b5c2ae32ee21f650d0e432d751e6b93ed3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 10:45:33 +0000
Subject: [PATCH 44/58] fix(charts): update helm release kube-prometheus-stack
 to 65.3.2 (was 65.3.1) (#3054)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 3dd474eb8..2289ce1a8 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.3.1
+    version: 65.3.2
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From b9a8b63ecc833f34878d2d17b99a7833c9ea0250 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 08:38:45 +0000
Subject: [PATCH 45/58] feat(charts): update helm release kube-prometheus-stack
 to 65.4.0 (was 65.3.2) (#3055)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2289ce1a8..c772a0fe5 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.3.2
+    version: 65.4.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 4b41e72dc1b27e446b8007bdd0a68a0f1df761e8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 17:15:38 +0000
Subject: [PATCH 46/58] feat(charts): update helm release thanos to 15.8.0 (was
 15.7.29) (#3056)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c772a0fe5..39d395173 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
     version: 2.16.1
     repository: https://bitnami-labs.github.io/sealed-secrets
   - name: thanos
-    version: 15.7.29
+    version: 15.8.0
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
     version: v3.28.2

From c73ead0d0b17b3b1720f7219274019828b1a2dfe Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 25 Oct 2024 16:31:24 +0000
Subject: [PATCH 47/58] feat(charts): update helm release kube-prometheus-stack
 to 65.5.0 (was 65.4.0) (#3057)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 39d395173..ef1fcb7c5 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.4.0
+    version: 65.5.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From fb860d8b8dbaf2de9f0bd78beb6fcab459459a8f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 29 Oct 2024 23:40:11 +0000
Subject: [PATCH 48/58] feat(charts): update helm release tigera-operator to
 v3.29.0 (was v3.28.2) (#3059)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index ef1fcb7c5..c5069e6fc 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -102,7 +102,7 @@ dependencies:
     version: 15.8.0
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
-    version: v3.28.2
+    version: v3.29.0
     repository: https://docs.projectcalico.org/charts
   - name: traefik
     version: 32.1.1

From 54fa7471fb67d0143f90ab07a55e0df0290703b6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 04:58:29 +0000
Subject: [PATCH 49/58] fix(charts): update helm release velero to 7.2.2 (was
 7.2.1) (#3060)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c5069e6fc..bf422511d 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -111,7 +111,7 @@ dependencies:
     version: 7.5.2
     repository: https://charts.bitnami.com/bitnami
   - name: velero
-    version: 7.2.1
+    version: 7.2.2
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
     version: 0.27.6

From 3d2ea0a44c1a05dfdd99a224d6d2e4b61efc0d27 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:50:22 +0000
Subject: [PATCH 50/58] fix(charts): update helm release kube-prometheus-stack
 to 65.5.1 (was 65.5.0) (#3061)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index bf422511d..157a94325 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 2.42.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 65.5.0
+    version: 65.5.1
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2

From 1ec6ac6711b482e6e0c1e2624a4adda17d733275 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 23:28:14 +0000
Subject: [PATCH 51/58] fix(charts): update karpenter docker tag to v1.0.7
 (#3064)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 157a94325..94bda684b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -48,7 +48,7 @@ dependencies:
     version: 1.7.2
     repository: https://charts.helm.sh/stable
   - name: karpenter
-    version: 1.0.6
+    version: 1.0.7
     repository: oci://public.ecr.aws/karpenter
   - name: keda
     version: 2.15.2

From 268408517313d16099490fe29e75c367d10dae96 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 1 Nov 2024 20:03:41 +0000
Subject: [PATCH 52/58] feat(charts): update helm release
 aws-load-balancer-controller to 1.10.0 (was 1.9.2) (#3065)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 94bda684b..b4644af55 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -18,7 +18,7 @@ dependencies:
     version: 0.1.34
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.9.2
+    version: 1.10.0
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0

From ad0caf0d4d69b9c2f46012262ef4f05bd3f00088 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:43:37 +0100
Subject: [PATCH 53/58] feat(charts): update helm release traefik to 33.0.0
 (was 32.1.1) (#3062)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index b4644af55..2c0f03471 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
     version: v3.29.0
     repository: https://docs.projectcalico.org/charts
   - name: traefik
-    version: 32.1.1
+    version: 33.0.0
     repository: https://helm.traefik.io/traefik
   - name: memcached
     version: 7.5.2

From 37034d9747b5e971a11a6cb4c5c3a01697aaee65 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:43:53 +0100
Subject: [PATCH 54/58] feat(tf): update terraform
 github.com/terraform-google-modules/terraform-google-cloud-storage to v8.0.1
 (was v8.0.0) (#3058)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 modules/google/velero.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/google/velero.tf b/modules/google/velero.tf
index 1008b8e95..498038b4d 100644
--- a/modules/google/velero.tf
+++ b/modules/google/velero.tf
@@ -121,7 +121,7 @@ resource "google_service_account_iam_policy" "admin-account-iam" {
 
 module "velero_bucket" {
   count  = (local.velero["enabled"] && local.velero["create_bucket"]) ? 1 : 0
-  source = "github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket?ref=v8.0.0"
+  source = "github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket?ref=v8.0.1"
 
   name       = local.velero["name_prefix"]
   project_id = data.google_project.current.project_id

From 100596e498bc83f8a860ef32d36c55c14546dcd5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:44:03 +0100
Subject: [PATCH 55/58] feat(tf): update terraform
 terraform-google-modules/kubernetes-engine/google to 34.0.0 (was 33.1.0)
 (#3063)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 modules/google/cert-manager.tf        | 2 +-
 modules/google/external-dns.tf        | 2 +-
 modules/google/kube-prometheus.tf     | 4 ++--
 modules/google/loki-stack.tf          | 2 +-
 modules/google/thanos-receive.tf      | 6 +++---
 modules/google/thanos-storegateway.tf | 2 +-
 modules/google/thanos.tf              | 6 +++---
 7 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 3de35852d..730e6093f 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -58,7 +58,7 @@ VALUES
 module "cert_manager_workload_identity" {
   count               = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.1.0"
+  version             = "~> 34.0.0"
   name                = local.cert-manager.service_account_name
   namespace           = local.cert-manager.namespace
   project_id          = local.cert-manager.project_id
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index 63e2c8fe6..24acc9604 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
 # to be allowed to use the workload identity on GKE.
 module "external_dns_workload_identity" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version = "~> 33.1.0"
+  version = "~> 34.0.0"
 
   for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
 
diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index a2886828c..356880762 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -283,7 +283,7 @@ VALUES
 module "iam_assumable_sa_kube-prometheus-stack_grafana" {
   count               = local.kube-prometheus-stack["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.kube-prometheus-stack["namespace"]
   project_id          = var.project_id
   name                = local.kube-prometheus-stack["grafana_service_account_name"]
@@ -294,7 +294,7 @@ module "iam_assumable_sa_kube-prometheus-stack_grafana" {
 module "iam_assumable_sa_kube-prometheus-stack_thanos" {
   count               = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.kube-prometheus-stack["namespace"]
   project_id          = var.project_id
   name                = "${local.kube-prometheus-stack["name_prefix"]}-thanos"
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index c23bf5c57..513a902cd 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -70,7 +70,7 @@ locals {
 module "iam_assumable_sa_loki-stack" {
   count      = local.loki-stack["enabled"] ? 1 : 0
   source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version    = "~> 33.0"
+  version    = "~> 34.0"
   namespace  = local.loki-stack["namespace"]
   project_id = var.project_id
   name       = local.loki-stack["name"]
diff --git a/modules/google/thanos-receive.tf b/modules/google/thanos-receive.tf
index 0afd052ae..964d918d1 100644
--- a/modules/google/thanos-receive.tf
+++ b/modules/google/thanos-receive.tf
@@ -120,7 +120,7 @@ locals {
 module "iam_assumable_sa_thanos-receive-receive" {
   count               = local.thanos-receive["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos-receive["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos-receive["name"]}-receive"
@@ -131,7 +131,7 @@ module "iam_assumable_sa_thanos-receive-receive" {
 module "iam_assumable_sa_thanos-receive-compactor" {
   count               = local.thanos-receive["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos-receive["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos-receive["name"]}-compactor"
@@ -142,7 +142,7 @@ module "iam_assumable_sa_thanos-receive-compactor" {
 module "iam_assumable_sa_thanos-receive-sg" {
   count               = local.thanos-receive["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos-receive["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos-receive["name"]}-storegateway"
diff --git a/modules/google/thanos-storegateway.tf b/modules/google/thanos-storegateway.tf
index 0d735574d..916cad208 100644
--- a/modules/google/thanos-storegateway.tf
+++ b/modules/google/thanos-storegateway.tf
@@ -58,7 +58,7 @@ locals {
 module "iam_assumable_sa_thanos-storegateway" {
   for_each   = local.thanos-storegateway
   source     = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version    = "~> 33.0"
+  version    = "~> 34.0"
   namespace  = each.value["namespace"]
   project_id = data.google_project.current.id
   name       = "${each.value["name_prefix"]}-${each.key}"
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index f7d304594..e16590d23 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -224,7 +224,7 @@ locals {
 module "iam_assumable_sa_thanos-receive" {
   count               = local.thanos["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos["name"]}-receive"
@@ -235,7 +235,7 @@ module "iam_assumable_sa_thanos-receive" {
 module "iam_assumable_sa_thanos-compactor" {
   count               = local.thanos["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos["name"]}-compactor"
@@ -246,7 +246,7 @@ module "iam_assumable_sa_thanos-compactor" {
 module "iam_assumable_sa_thanos-sg" {
   count               = local.thanos["enabled"] ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 33.0"
+  version             = "~> 34.0"
   namespace           = local.thanos["namespace"]
   project_id          = var.project_id
   name                = "${local.thanos["name"]}-storegateway"

From 69d3fb57a0f6c6f7de7158be80f10c604b390a5e Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Mon, 4 Nov 2024 14:46:03 +0100
Subject: [PATCH 56/58] chore: fix docs

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 modules/google/README.md | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/modules/google/README.md b/modules/google/README.md
index 57585811c..27e25cb7b 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -48,18 +48,18 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.1.0 |
-| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.1.0 |
-| <a name="module_iam_assumable_sa_kube-prometheus-stack_grafana"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_kube-prometheus-stack_thanos"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_loki-stack"></a> [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-compactor"></a> [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-receive"></a> [iam\_assumable\_sa\_thanos-receive](#module\_iam\_assumable\_sa\_thanos-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-receive-compactor"></a> [iam\_assumable\_sa\_thanos-receive-compactor](#module\_iam\_assumable\_sa\_thanos-receive-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-receive-receive"></a> [iam\_assumable\_sa\_thanos-receive-receive](#module\_iam\_assumable\_sa\_thanos-receive-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-receive-sg"></a> [iam\_assumable\_sa\_thanos-receive-sg](#module\_iam\_assumable\_sa\_thanos-receive-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-sg"></a> [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
-| <a name="module_iam_assumable_sa_thanos-storegateway"></a> [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0.0 |
+| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0.0 |
+| <a name="module_iam_assumable_sa_kube-prometheus-stack_grafana"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_kube-prometheus-stack_thanos"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_loki-stack"></a> [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-compactor"></a> [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-receive"></a> [iam\_assumable\_sa\_thanos-receive](#module\_iam\_assumable\_sa\_thanos-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-compactor"></a> [iam\_assumable\_sa\_thanos-receive-compactor](#module\_iam\_assumable\_sa\_thanos-receive-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-receive"></a> [iam\_assumable\_sa\_thanos-receive-receive](#module\_iam\_assumable\_sa\_thanos-receive-receive) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-receive-sg"></a> [iam\_assumable\_sa\_thanos-receive-sg](#module\_iam\_assumable\_sa\_thanos-receive-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-sg"></a> [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
+| <a name="module_iam_assumable_sa_thanos-storegateway"></a> [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 34.0 |
 | <a name="module_kube-prometheus-stack_grafana-iam-member"></a> [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 8.0 |
 | <a name="module_kube-prometheus-stack_kube-prometheus-stack_bucket"></a> [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 8.0 |
 | <a name="module_kube-prometheus-stack_thanos_kms_bucket"></a> [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
@@ -71,7 +71,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="module_thanos-storegateway_bucket_iam"></a> [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
 | <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 8.0 |
 | <a name="module_thanos_kms_bucket"></a> [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
-| <a name="module_velero_bucket"></a> [velero\_bucket](#module\_velero\_bucket) | github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket | v8.0.0 |
+| <a name="module_velero_bucket"></a> [velero\_bucket](#module\_velero\_bucket) | github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket | v8.0.1 |
 
 ## Resources
 

From e935c7ebc5c80c262858babb7f1a192b0844ba1d Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Mon, 4 Nov 2024 14:48:59 +0100
Subject: [PATCH 57/58] feat: update csi external snapshotter to v8.1.0

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 csi-external-snapshotter.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/csi-external-snapshotter.tf b/csi-external-snapshotter.tf
index 5c9f599e1..6257b4f6f 100644
--- a/csi-external-snapshotter.tf
+++ b/csi-external-snapshotter.tf
@@ -3,7 +3,7 @@ locals {
   csi-external-snapshotter = merge(
     {
       enabled = false
-      version = "v6.1.0"
+      version = "v8.1.0"
     },
     var.csi-external-snapshotter
   )

From 220f6a7c5e141d891634a0a6e1faf68352a0bb11 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <archi@kiln.fi>
Date: Mon, 4 Nov 2024 14:50:05 +0100
Subject: [PATCH 58/58] chore: update pre-commit

Signed-off-by: Kevin Lefevre <archi@kiln.fi>
---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 98c7459b9..a4c73eb1c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.96.1
+  rev: v1.96.2
   hooks:
     - id: terraform_fmt
     - id: terraform_validate
@@ -14,6 +14,6 @@ repos:
     - id: check-merge-conflict
     - id: end-of-file-fixer
 - repo: https://github.com/renovatebot/pre-commit-hooks
-  rev: 38.126.2
+  rev: 38.142.6
   hooks:
     - id: renovate-config-validator