From 43b8d5be979a6d51a902013cc681ca5f455175f2 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 9 Nov 2021 17:33:08 +0100 Subject: [PATCH 01/14] fix: thanos chart TLS breaking change Signed-off-by: Kevin Lefevre --- modules/aws/thanos-tls-querier.tf | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/aws/thanos-tls-querier.tf b/modules/aws/thanos-tls-querier.tf index faeead211..50ef05341 100644 --- a/modules/aws/thanos-tls-querier.tf +++ b/modules/aws/thanos-tls-querier.tf @@ -36,14 +36,15 @@ locals { pdb: create: true minAvailable: 1 - grpcTLS: + grpc: client: - secure: true - key: | - ${indent(8, v["generate_cert"] ? tls_private_key.thanos-tls-querier-cert-key[k].private_key_pem : "")} - cert: | - ${indent(8, v["generate_cert"] ? tls_locally_signed_cert.thanos-tls-querier-cert[k].cert_pem : "")} servername: ${v["client_server_name"]} + tls: + enabled: true + key: | + ${indent(8, v["generate_cert"] ? tls_private_key.thanos-tls-querier-cert-key[k].private_key_pem : "")} + cert: | + ${indent(8, v["generate_cert"] ? tls_locally_signed_cert.thanos-tls-querier-cert[k].cert_pem : "")} stores: ${jsonencode(v["stores"])} queryFrontend: enabled: false From 7687a417f2f5d053ff58dda1e461010d1d900cb9 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 9 Nov 2021 17:56:01 +0100 Subject: [PATCH 02/14] fix: thanos chart TLS breaking change Signed-off-by: Kevin Lefevre --- modules/aws/thanos-tls-querier.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/aws/thanos-tls-querier.tf b/modules/aws/thanos-tls-querier.tf index 50ef05341..28f108f0d 100644 --- a/modules/aws/thanos-tls-querier.tf +++ b/modules/aws/thanos-tls-querier.tf @@ -42,9 +42,9 @@ locals { tls: enabled: true key: | - ${indent(8, v["generate_cert"] ? tls_private_key.thanos-tls-querier-cert-key[k].private_key_pem : "")} + ${indent(10, v["generate_cert"] ? tls_private_key.thanos-tls-querier-cert-key[k].private_key_pem : "")} cert: | - ${indent(8, v["generate_cert"] ? tls_locally_signed_cert.thanos-tls-querier-cert[k].cert_pem : "")} + ${indent(10, v["generate_cert"] ? tls_locally_signed_cert.thanos-tls-querier-cert[k].cert_pem : "")} stores: ${jsonencode(v["stores"])} queryFrontend: enabled: false From 92eafa55b9f7fc563b41c37ca10052d0e08ea377 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Nov 2021 18:57:39 +0000 Subject: [PATCH 03/14] fix(charts): update helm release velero to v2.26.3 (#613) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index d3b41f873..1b299f421 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -120,7 +120,7 @@ dependencies: version: 0.17.1 repository: https://helm.releases.hashicorp.com - name: velero - version: 2.26.2 + version: 2.26.3 repository: https://vmware-tanzu.github.io/helm-charts - name: victoria-metrics-k8s-stack version: 0.5.8 From 56f32c20ce7734a9477a9c20f6571406edcc377a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Nov 2021 20:37:55 +0000 Subject: [PATCH 04/14] feat(charts): update helm release kube-prometheus-stack to v19.3.0 (#615) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 1b299f421..c61fb2b1d 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -60,7 +60,7 @@ dependencies: version: 2.6.0 repository: https://charts.konghq.com - name: kube-prometheus-stack - version: 19.2.3 + version: 19.3.0 repository: https://prometheus-community.github.io/helm-charts - name: kyverno version: v2.1.3 From 73a25d47fcb6b52fe6fa9478c9b9d5ff2691d38f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Nov 2021 20:40:29 +0000 Subject: [PATCH 05/14] fix(charts): update helm release kong to v2.6.1 (#614) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index c61fb2b1d..4fec4fbc7 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -57,7 +57,7 @@ dependencies: version: 15.1.0 repository: https://codecentric.github.io/helm-charts - name: kong - version: 2.6.0 + version: 2.6.1 repository: https://charts.konghq.com - name: kube-prometheus-stack version: 19.3.0 From ccbf7d7b7b26266b9d69ea4b3e335fb0ca9db0a5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Nov 2021 05:48:22 +0000 Subject: [PATCH 06/14] fix(charts): update helm release victoria-metrics-k8s-stack to v0.5.9 (#617) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 4fec4fbc7..f79aefc97 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -123,5 +123,5 @@ dependencies: version: 2.26.3 repository: https://vmware-tanzu.github.io/helm-charts - name: victoria-metrics-k8s-stack - version: 0.5.8 + version: 0.5.9 repository: https://victoriametrics.github.io/helm-charts/ From d890abe4c07f8ddc00e5c648860913501a0fd300 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 11 Nov 2021 13:19:11 +0000 Subject: [PATCH 07/14] fix(charts): update helm release thanos to v8.0.1 (#618) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index f79aefc97..0bdc48349 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -105,7 +105,7 @@ dependencies: version: 0.26.0 repository: https://strimzi.io/charts/ - name: thanos - version: 8.0.0 + version: 8.0.1 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.21.0 From dc483e6d6c2c6cf64f3c82482cc7a6c2edbc2ae7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 12 Nov 2021 10:54:40 +0000 Subject: [PATCH 08/14] fix(charts): update helm release thanos to v8.0.2 (#619) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 0bdc48349..637a9d050 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -105,7 +105,7 @@ dependencies: version: 0.26.0 repository: https://strimzi.io/charts/ - name: thanos - version: 8.0.1 + version: 8.0.2 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.21.0 From 30590b4557b11f46a556ee78fa816a69ba3e68b1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 12 Nov 2021 10:56:59 +0000 Subject: [PATCH 09/14] fix(charts): update helm release velero to v2.26.4 (#620) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 637a9d050..9a381675d 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -120,7 +120,7 @@ dependencies: version: 0.17.1 repository: https://helm.releases.hashicorp.com - name: velero - version: 2.26.3 + version: 2.26.4 repository: https://vmware-tanzu.github.io/helm-charts - name: victoria-metrics-k8s-stack version: 0.5.9 From 16856ab57afdf66a0bfa9ac28a4db5ee7b584300 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 10:56:26 +0000 Subject: [PATCH 10/14] fix(charts): update helm release traefik to v10.6.2 (#622) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 9a381675d..23f8ffc9c 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -111,7 +111,7 @@ dependencies: version: v3.21.0 repository: https://docs.projectcalico.org/charts - name: traefik - version: 10.6.1 + version: 10.6.2 repository: https://helm.traefik.io/traefik - name: memcached version: 5.15.8 From b3c0a9611184a3c9b0ac7c4cc08c52f143174a38 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 18:20:42 +0000 Subject: [PATCH 11/14] fix(charts): update helm release thanos to v8.0.3 (#624) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 23f8ffc9c..4c43f399b 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -105,7 +105,7 @@ dependencies: version: 0.26.0 repository: https://strimzi.io/charts/ - name: thanos - version: 8.0.2 + version: 8.0.3 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.21.0 From a3ce1ff8fbeab05882b0890f6895f544046a2ad0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 18:23:17 +0000 Subject: [PATCH 12/14] fix(charts): update helm release k8gb to v0.8.4 (#623) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 4c43f399b..a121667aa 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -45,7 +45,7 @@ dependencies: version: 1.7.0 repository: https://clusterfrak-dynamics.github.io/istio/ - name: k8gb - version: v0.8.3 + version: v0.8.4 repository: https://www.k8gb.io - name: karma version: 1.7.2 From 52f98a6b5762738171073dd9df8466d6bb312f3e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 16 Nov 2021 15:07:48 +0000 Subject: [PATCH 13/14] fix(charts): update helm release ingress-nginx to v4.0.8 (#625) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index a121667aa..e6ab7bfaa 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -39,7 +39,7 @@ dependencies: version: 1.11.3 repository: https://charts.fluxcd.io - name: ingress-nginx - version: 4.0.6 + version: 4.0.8 repository: https://kubernetes.github.io/ingress-nginx - name: istio-operator version: 1.7.0 From 5117647e5606f20573b10fcfa71ac7ef8b6dbfd1 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 16 Nov 2021 22:44:45 +0100 Subject: [PATCH 14/14] fix: use SHA2 ssh keys for flux2 release Signed-off-by: Kevin Lefevre --- flux2.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flux2.tf b/flux2.tf index f0bf93618..f27e7bf2f 100644 --- a/flux2.tf +++ b/flux2.tf @@ -28,8 +28,8 @@ locals { ignore_fields_sync = [] known_hosts = [ - "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==", - "gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9" + "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=", + "gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=" ] }, var.flux2