From 32e8e60a121231aa81692cc90986eb5f51dffd91 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Oct 2021 13:36:42 +0000
Subject: [PATCH 01/17] fix(charts): update helm release external-dns to v5.4.12 (#560)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index aebcc5e62..d87d60add 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -33,7 +33,7 @@ dependencies:
 version: 9.10.7
 repository: https://kubernetes.github.io/autoscaler
 - name: external-dns
- version: 5.4.11
+ version: 5.4.12
 repository: https://charts.bitnami.com/bitnami
 - name: flux
 version: 1.11.2
From 471f1bf3a3785e0dc0e99f47f2dbf964984f0826 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Oct 2021 17:28:58 +0000
Subject: [PATCH 02/17] fix(charts): update helm release memcached to v5.15.7 (#562)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index d87d60add..fa9fc8877 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -111,7 +111,7 @@ dependencies:
 version: v3.20.2
 repository: https://docs.projectcalico.org/charts
 - name: memcached
- version: 5.15.6
+ version: 5.15.7
 repository: https://charts.bitnami.com/bitnami
 - name: vault
 version: 0.17.0
From 18149e24cb0c174cc043b8662784141bfd22ab1c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Oct 2021 17:31:09 +0000
Subject: [PATCH 03/17] fix(charts): update helm release metrics-server to v5.10.5 (#563)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index fa9fc8877..f817e9355 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -78,7 +78,7 @@ dependencies:
 version: 3.8.2
 repository: https://grafana.github.io/helm-charts
 - name: metrics-server
- version: 5.10.4
+ version: 5.10.5
 repository: https://charts.bitnami.com/bitnami
 - name: node-problem-detector
 version: 2.0.9
From d915783c3d5d4a513f548511ed03f2dd6ea9acc2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Oct 2021 17:33:34 +0000
Subject: [PATCH 04/17] fix(charts): update helm release external-dns to v5.4.13 (#561)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index f817e9355..0cca866c6 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -33,7 +33,7 @@ dependencies:
 version: 9.10.7
 repository: https://kubernetes.github.io/autoscaler
 - name: external-dns
- version: 5.4.12
+ version: 5.4.13
 repository: https://charts.bitnami.com/bitnami
 - name: flux
 version: 1.11.2
From 349c653f9b47e81c31ddbb62930c840539f31b9c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 Oct 2021 22:03:17 +0000
Subject: [PATCH 05/17] fix(charts): update helm release rabbitmq-cluster-operator to v1.0.1 (#564)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 0cca866c6..2eb171613 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -93,7 +93,7 @@ dependencies:
 version: 5.2.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: rabbitmq-cluster-operator
- version: 1.0.0
+ version: 1.0.1
 repository: https://charts.bitnami.com/bitnami
 - name: scaleway-webhook
 version: v0.0.1
From 8b13bd942cdebdea58891235e0636065b9ccf0d8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 23 Oct 2021 16:51:31 +0000
Subject: [PATCH 06/17] fix(charts): update helm release thanos to v7.0.1 (#565)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2eb171613..a812cc44c 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
 version: 0.26.0
 repository: https://strimzi.io/charts/
 - name: thanos
- version: 7.0.0
+ version: 7.0.1
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
 version: v3.20.2
From 88005601c2a575c6e5189f2371da6a5c0deb8319 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Oct 2021 18:42:52 +0000
Subject: [PATCH 07/17] fix(charts): update helm release rabbitmq-cluster-operator to v1.0.2 (#566)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index a812cc44c..ccaa5844f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -93,7 +93,7 @@ dependencies:
 version: 5.2.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: rabbitmq-cluster-operator
- version: 1.0.1
+ version: 1.0.2
 repository: https://charts.bitnami.com/bitnami
 - name: scaleway-webhook
 version: v0.0.1
From dbe84ede5dc06b62cb65ccb2cbac1f62cccbda9f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Oct 2021 18:45:30 +0000
Subject: [PATCH 08/17] fix(charts): update helm release aws-load-balancer-controller to v1.3.2 (#567)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index ccaa5844f..69a83798b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -18,7 +18,7 @@ dependencies:
 version: 0.1.11
 repository: https://aws.github.io/eks-charts
 - name: aws-load-balancer-controller
- version: 1.3.1
+ version: 1.3.2
 repository: https://aws.github.io/eks-charts
 - name: aws-node-termination-handler
 version: 0.15.4
From f8830c024c08e5596a12367e87ef51efa52c93cc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 07:41:13 +0000
Subject: [PATCH 09/17] fix(charts): update helm release kyverno to v2.1.2 (#568)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 69a83798b..2fb94e617 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -63,7 +63,7 @@ dependencies:
 version: 19.2.2
 repository: https://prometheus-community.github.io/helm-charts
 - name: kyverno
- version: v2.1.1
+ version: v2.1.2
 repository: https://kyverno.github.io/kyverno/
 - name: kyverno-crds
 version: v2.0.3
From 5268396d73b1f6bde56bc344e51c99f9907b9624 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 14:30:45 +0000
Subject: [PATCH 10/17] fix(charts): update helm release vault to v0.17.1 (#570)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2fb94e617..e3fe27431 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -114,7 +114,7 @@ dependencies:
 version: 5.15.7
 repository: https://charts.bitnami.com/bitnami
 - name: vault
- version: 0.17.0
+ version: 0.17.1
 repository: https://helm.releases.hashicorp.com
 - name: victoria-metrics-k8s-stack
 version: 0.5.4
From 8389adcb630c9012a996a203474f489a45bec9bc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 14:32:38 +0000
Subject: [PATCH 11/17] fix(charts): update helm release metrics-server to v5.10.6 (#569)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e3fe27431..5689ab188 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -78,7 +78,7 @@ dependencies:
 version: 3.8.2
 repository: https://grafana.github.io/helm-charts
 - name: metrics-server
- version: 5.10.5
+ version: 5.10.6
 repository: https://charts.bitnami.com/bitnami
 - name: node-problem-detector
 version: 2.0.9
From 9cf2795e8fa30a3c7340d07129d2f9c935bd7361 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 15:50:34 +0000
Subject: [PATCH 12/17] feat(charts): update helm release cert-manager to v1.6.0 (#571)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 5689ab188..21e0e23ce 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -27,7 +27,7 @@ dependencies:
 version: 0.3.10
 repository: https://aws.github.io/eks-charts
 - name: cert-manager
- version: v1.5.4
+ version: v1.6.0
 repository: https://charts.jetstack.io
 - name: cluster-autoscaler
 version: 9.10.7
From 87be64b8454576fa5cbe4618199da0ef0c3ec4ba Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 19:40:38 +0000
Subject: [PATCH 13/17] feat(charts): update helm release prometheus-blackbox-exporter to v5.3.0 (#572)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 21e0e23ce..39193af84 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -90,7 +90,7 @@ dependencies:
 version: 0.16.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: prometheus-blackbox-exporter
- version: 5.2.0
+ version: 5.3.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: rabbitmq-cluster-operator
 version: 1.0.2
From 0a62ac3532c96fbbb8963651760f677e0fdcb384 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 26 Oct 2021 21:24:12 +0000
Subject: [PATCH 14/17] fix(charts): update helm release memcached to v5.15.8 (#573)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 39193af84..d3797c914 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -111,7 +111,7 @@ dependencies:
 version: v3.20.2
 repository: https://docs.projectcalico.org/charts
 - name: memcached
- version: 5.15.7
+ version: 5.15.8
 repository: https://charts.bitnami.com/bitnami
 - name: vault
 version: 0.17.1
From 80d54fbb660a8cefe3e21b9059bb01cf1a874685 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 27 Oct 2021 00:59:30 +0000
Subject: [PATCH 15/17] fix(charts): update helm release metrics-server to v5.10.7 (#575)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index d3797c914..e927c946c 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -78,7 +78,7 @@ dependencies:
 version: 3.8.2
 repository: https://grafana.github.io/helm-charts
 - name: metrics-server
- version: 5.10.6
+ version: 5.10.7
 repository: https://charts.bitnami.com/bitnami
 - name: node-problem-detector
 version: 2.0.9
From 6d506ae85a3d0ed3233348b4540af6f90b5d4446 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 27 Oct 2021 07:38:48 +0000
Subject: [PATCH 16/17] fix(charts): update helm release external-dns to v5.4.14 (#576)
Signed-off-by: Renovate Bot
Co-authored-by: Renovate Bot
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e927c946c..9efb59088 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -33,7 +33,7 @@ dependencies:
 version: 9.10.7
 repository: https://kubernetes.github.io/autoscaler
 - name: external-dns
- version: 5.4.13
+ version: 5.4.14
 repository: https://charts.bitnami.com/bitnami
 - name: flux
 version: 1.11.2
From b12321305bbd53e7b277f97cdb86aba7f6f0f05a Mon Sep 17 00:00:00 2001
From: Kevin Lefevre
Date: Wed, 27 Oct 2021 13:07:34 +0200
Subject: [PATCH 17/17] Merge pull request #577 from particuleio/feat/velero-csi-snapshotter feat: add velero and external snapshotter
---
 README.md | 4 +
 csi-external-snapshotter.tf | 52 ++++
 helm-dependencies.yaml | 3 +
 modules/aws/README.md | 16 ++
 modules/aws/aws-ebs-csi-driver.tf | 19 ++
 modules/aws/csi-external-snapshotter.tf | 1 +
 modules/aws/variables-aws.tf | 6 +
 modules/aws/velero.tf | 268 +++++++++++++++++++
 modules/azure/README.md | 4 +
 modules/azure/csi-external-snapshotter.tf | 1 +
 modules/scaleway/README.md | 4 +
 modules/scaleway/csi-external-snapshotter.tf | 1 +
 variables.tf | 6 +
 13 files changed, 385 insertions(+)
 create mode 100644 csi-external-snapshotter.tf
 create mode 120000 modules/aws/csi-external-snapshotter.tf
 create mode 100644 modules/aws/velero.tf
 create mode 120000 modules/azure/csi-external-snapshotter.tf
 create mode 120000 modules/scaleway/csi-external-snapshotter.tf
diff --git a/README.md b/README.md
index f1f67610c..8fd422c28 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,7 @@ No modules. | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.cert-manager_csi_driver](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | 
@@ -268,10 +269,12 @@ No modules. | [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source | | [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source | | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source | +| [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | +| [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source | 
@@ -285,6 +288,7 @@ No modules. | [cert-manager](#input\_cert-manager) | Customize cert-manager chart, see `cert-manager.tf` for supported values | `any` | `{}` | no | | [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no | | [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no | +| [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no | | [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no | | [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no | | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | diff --git a/csi-external-snapshotter.tf b/csi-external-snapshotter.tf new file mode 100644 index 000000000..d3dad8e85 --- /dev/null +++ b/csi-external-snapshotter.tf 
@@ -0,0 +1,52 @@
+locals {
+
+ csi-external-snapshotter = {
+ enabled = true
+ version = "v4.2.1"
+ }
+
+ csi-external-snapshotter_yaml_files = [
+ "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml",
+ "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml",
+ "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml",
+ "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml",
+ "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml"
+ ]
+
+ # csi-external-snapshotter_yaml_files = [
+ # "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml",
+ # "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${local.csi-external-snapshotter.version}/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml"
+ # ]
+
+ # csi-external-snapshotter_apply_crds = local.csi-external-snapshotter["enabled"] ? { for k, v in data.http.csi-external-snapshotter_crds : lower(join("/", compact([yamldecode(v.body).apiVersion, yamldecode(v.body).kind, lookup(yamldecode(v.body).metadata, "namespace", ""), yamldecode(v.body).metadata.name]))) => v.body
+ # } : null
+ #
+ csi-external-snapshotter_apply = local.csi-external-snapshotter["enabled"] ? [for v in data.kubectl_file_documents.csi-external-snapshotter[0].documents : {
+ data : yamldecode(v)
+ content : v
+ }
+ ] : null
+
+}
+
+data "http" "csi-external-snapshotter" {
+ for_each = local.csi-external-snapshotter.enabled ? toset(local.csi-external-snapshotter_yaml_files) : []
+ url = each.key
+}
+
+data "kubectl_file_documents" "csi-external-snapshotter" {
+ count = local.csi-external-snapshotter.enabled ? 1 : 0
+ content = join("\n---\n", [for k, v in data.http.csi-external-snapshotter : v.body])
+}
+
+resource "kubectl_manifest" "csi-external-snapshotter" {
+ for_each = local.csi-external-snapshotter.enabled ? { for v in local.csi-external-snapshotter_apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
+ yaml_body = each.value
+}
+
+#resource "kubectl_manifest" "csi-external-snapshotter" {
+# for_each = local.csi-external-snapshotter.enabled ? local.csi-external-snapshotter_crds_apply : {}
+# yaml_body = each.value
+#}
+#
+#
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 9efb59088..a9a1ed028 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -116,6 +116,9 @@ dependencies:
 - name: vault
 version: 0.17.1
 repository: https://helm.releases.hashicorp.com
+ - name: velero
+ version: 2.24.0
+ repository: https://vmware-tanzu.github.io/helm-charts
 - name: victoria-metrics-k8s-stack
 version: 0.5.4
 repository: https://victoriametrics.github.io/helm-charts/
diff --git a/modules/aws/README.md b/modules/aws/README.md
index 8cc391df3..4f146988f 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
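Review bot: In the new `csi-external-snapshotter.tf`, the five manifests listed in `csi-external-snapshotter_yaml_files` are downloaded from raw.githubusercontent.com at the tag `v4.2.1` and passed straight to `kubectl_manifest`, so whatever those URLs serve at plan time, including `rbac-snapshot-controller.yaml` and `setup-snapshot-controller.yaml`, is applied to the cluster with no integrity check. A Git tag can be re-pointed upstream; referencing a full commit SHA in place of the tag, or vendoring the YAML into the repository, would make the applied content reviewable and reproducible. Separately, the `locals` block hard-codes `enabled = true` and never reads the `csi-external-snapshotter` input that the README hunk documents, so as far as this hunk shows the controller and its RBAC are installed on every cluster and cannot be switched off; something like `csi-external-snapshotter = merge({ enabled = false, version = "v4.2.1" }, var.csi-external-snapshotter)` would honour the input (the variable's declaration is in `variables.tf`, outside this view). The commented-out `csi-external-snapshotter_apply_crds` local and the second, commented-out `kubectl_manifest` resource look like leftovers and could be dropped.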
@@ -62,10 +62,12 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [iam\_assumable\_role\_thanos](#module\_iam\_assumable\_role\_thanos) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 4.0 | | [iam\_assumable\_role\_thanos-storegateway](#module\_iam\_assumable\_role\_thanos-storegateway) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 4.0 | | [iam\_assumable\_role\_vault](#module\_iam\_assumable\_role\_vault) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 4.0 | +| [iam\_assumable\_role\_velero](#module\_iam\_assumable\_role\_velero) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 4.0 | | [kube-prometheus-stack\_thanos\_bucket](#module\_kube-prometheus-stack\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 | | [loki\_bucket](#module\_loki\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 | | [security-group-efs-csi-driver](#module\_security-group-efs-csi-driver) | terraform-aws-modules/security-group/aws//modules/nfs | ~> 4.0 | | [thanos\_bucket](#module\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 | +| [velero\_thanos\_bucket](#module\_velero\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 2.0 | ## Resources 
@@ -89,6 +91,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [aws_iam_policy.thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_kms_alias.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_alias.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | 
@@ -137,16 +140,19 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.cert-manager_csi_driver](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.cni-metrics-helper](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | 
[kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource | +| [kubernetes_manifest.aws-ebs-csi-driver_vsc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.aws-efs-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -182,6 +188,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -271,6 +278,8 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -317,15 +326,20 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [aws_iam_policy_document.thanos](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.vault](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.velero_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.velero_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source | | [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source | | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source | +| [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | 
[http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [http_http.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | | [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | +| [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_file_documents.secrets-store-csi-driver-provider-aws](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | | [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | 
@@ -349,6 +363,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no |
 | [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
 | [cni-metrics-helper](#input\_cni-metrics-helper) | Customize cni-metrics-helper deployment, see `cni-metrics-helper.tf` for supported values | `any` | `{}` | no |
+| [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no |
 | [eks](#input\_eks) | EKS cluster inputs | `any` | `{}` | no |
 | [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no |
 | [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no |
@@ -385,6 +400,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
 | [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
 | [vault](#input\_vault) | Customize Hashicorp Vault chart, see `vault.tf` for supported values | `any` | `{}` | no |
+| [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
 | [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |

 ## Outputs
diff --git a/modules/aws/aws-ebs-csi-driver.tf b/modules/aws/aws-ebs-csi-driver.tf
index f4a0526bc..4a4184db8 100644
--- a/modules/aws/aws-ebs-csi-driver.tf
+++ b/modules/aws/aws-ebs-csi-driver.tf
@@ -26,6 +26,16 @@ locals {
 use_encryption = false
 extra_sc_parameters = {}
 kms_enable_key_rotation = true
+ volume_snapshot_class = <<-VOLUME_SNAPSHOT_CLASS
+ apiVersion: snapshot.storage.k8s.io/v1
+ kind: VolumeSnapshotClass
+ metadata:
+ name: csi-aws-vsc
+ labels:
+ velero.io/csi-volumesnapshot-class: "true"
+ driver: ebs.csi.aws.com
+ deletionPolicy: Delete
+ VOLUME_SNAPSHOT_CLASS
 },
 var.aws-ebs-csi-driver
 )
@@ -122,6 +132,10 @@ resource "helm_release" "aws-ebs-csi-driver" {
 local.aws-ebs-csi-driver["extra_values"]
 ]
 namespace = local.aws-ebs-csi-driver["create_ns"] ? kubernetes_namespace.aws-ebs-csi-driver.*.metadata.0.name[count.index] : local.aws-ebs-csi-driver["namespace"]
+
+ depends_on = [
+ kubectl_manifest.csi-external-snapshotter
+ ]
 }

 resource "kubernetes_storage_class" "aws-ebs-csi-driver" {
@@ -197,3 +211,8 @@ resource "aws_kms_alias" "aws-ebs-csi-driver" {
 name = "alias/aws-ebs-csi-driver-${local.aws-ebs-csi-driver.override_kms_alias != null ? local.aws-ebs-csi-driver.override_kms_alias : var.cluster-name}"
 target_key_id = aws_kms_key.aws-ebs-csi-driver.0.id
 }
+
+resource "kubernetes_manifest" "aws-ebs-csi-driver_vsc" {
+ count = local.aws-ebs-csi-driver.enabled && local.aws-ebs-csi-driver.volume_snapshot_class != null ? 1 : 0
+ manifest = yamldecode(local.aws-ebs-csi-driver.volume_snapshot_class)
+}
diff --git a/modules/aws/csi-external-snapshotter.tf b/modules/aws/csi-external-snapshotter.tf
new file mode 120000
index 000000000..1eaf1f1eb
--- /dev/null
+++ b/modules/aws/csi-external-snapshotter.tf
@@ -0,0 +1 @@
+../../csi-external-snapshotter.tf
\ No newline at end of file
diff --git a/modules/aws/variables-aws.tf b/modules/aws/variables-aws.tf
index 5d4612c3a..21e32cb21 100644
--- a/modules/aws/variables-aws.tf
+++ b/modules/aws/variables-aws.tf
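Review bot: The default `volume_snapshot_class` added to `locals` sets `deletionPolicy: Delete` on a class labelled `velero.io/csi-volumesnapshot-class: "true"`, and nothing beside it says what that means for backups. With `Delete`, the EBS snapshot is removed together with its VolumeSnapshotContent object, so whether a backup snapshot outlives the namespace it was taken from depends on how the Velero CSI plugin handles that object; this is worth confirming for the plugin version in use. I would add a comment above the heredoc such as `# deletionPolicy Delete: the snapshot is removed with its VolumeSnapshotContent; override volume_snapshot_class to use Retain, or set it to null to skip the class`. The `locals` block starts and ends outside this hunk.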
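Review bot: The new `kubernetes_manifest.aws-ebs-csi-driver_vsc` resource at the end of the file declares no dependency on the snapshot CRDs, and `kubernetes_manifest` needs the VolumeSnapshotClass kind to be known to the API server already at plan time. On a cluster where `kubectl_manifest.csi-external-snapshotter` has not been applied yet (presumably that is the CRD install; its definition is not in this hunk), the plan is likely to fail. The rest of the module applies raw manifests through the kubectl provider, so the same would fit here: `resource "kubectl_manifest" "aws-ebs-csi-driver_vsc"` with `yaml_body = local.aws-ebs-csi-driver.volume_snapshot_class` and `depends_on = [kubectl_manifest.csi-external-snapshotter]`. The `helm_release` hunk above already takes that dependency.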
@@ -75,3 +75,9 @@ variable "tags" {
 type = map(any)
 default = {}
 }
+
+variable "velero" {
+ description = "Customize velero chart, see `velero.tf` for supported values"
+ type = any
+ default = {}
+}
diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
new file mode 100644
index 000000000..8431f57e3
--- /dev/null
+++ b/modules/aws/velero.tf
@@ -0,0 +1,268 @@ +locals { + velero = merge( + local.helm_defaults, + { + name = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name + chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name + repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].repository + chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].version + namespace = "velero" + service_account_name = "velero" + enabled = false + create_iam_resources_irsa = true + iam_policy_override = null + create_bucket = true + bucket = "${var.cluster-name}-velero" + bucket_force_destroy = false + allowed_cidrs = ["0.0.0.0/0"] + default_network_policy = true + kms_key_arn_access_list = [] + }, + var.velero + ) + + values_velero = < [cert-manager](#input\_cert-manager) | Customize cert-manager chart, see `cert-manager.tf` for supported values | `any` | `{}` | no | | [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no | | [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no | +| [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no | | [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no | | [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no | | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | diff --git a/modules/azure/csi-external-snapshotter.tf b/modules/azure/csi-external-snapshotter.tf new file mode 120000 index 000000000..1eaf1f1eb --- /dev/null +++ b/modules/azure/csi-external-snapshotter.tf 
@@ -0,0 +1 @@
+../../csi-external-snapshotter.tf
\ No newline at end of file
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index 838175599..000911a0b 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -87,6 +87,7 @@ No modules.
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_csi_driver](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
@@ -208,10 +209,12 @@ No modules.
 | [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
 | [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+| [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
+| [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
@@ -226,6 +229,7 @@ No modules.
 | [cert-manager\_scaleway\_webhook\_dns](#input\_cert-manager\_scaleway\_webhook\_dns) | Scaleway webhook dns customization | `any` | `{}` | no |
 | [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no |
 | [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no |
+| [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no |
 | [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no |
 | [flux](#input\_flux) | Customize Flux chart, see `flux.tf` for supported values | `any` | `{}` | no |
 | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/scaleway/csi-external-snapshotter.tf b/modules/scaleway/csi-external-snapshotter.tf
new file mode 120000
index 000000000..1eaf1f1eb
--- /dev/null
+++ b/modules/scaleway/csi-external-snapshotter.tf
@@ -0,0 +1 @@
+../../csi-external-snapshotter.tf
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 9702384b5..7bf0ff48d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -22,6 +22,12 @@ variable "cluster-name" {
 type = string
 }

+variable "csi-external-snapshotter" {
+ description = "Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values"
+ type = any
+ default = {}
+}
+
 variable "external-dns" {
 description = "Map of map for external-dns configuration: see `external_dns.tf` for supported values"
 type = any