From b743ba6db4deebd3408de480e41c85d78ef357d9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 8 Nov 2021 18:44:09 +0000 Subject: [PATCH 1/4] fix(charts): update helm release loki to v2.8.1 (#610) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 8f20cce45..f06571774 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -72,7 +72,7 @@ dependencies: version: 2.5.0 repository: https://grafana.github.io/helm-charts - name: loki - version: 2.8.0 + version: 2.8.1 repository: https://grafana.github.io/helm-charts - name: promtail version: 3.9.1 From fae91eeaa2a077571451316e6b60f985a22c9eea Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 8 Nov 2021 20:21:55 +0000 Subject: [PATCH 2/4] feat(charts): update helm release tigera-operator to v3.21.0 (#611) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index f06571774..4445c988b 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -108,7 +108,7 @@ dependencies: version: 8.0.0 repository: https://charts.bitnami.com/bitnami - name: tigera-operator - version: v3.20.2 + version: v3.21.0 repository: https://docs.projectcalico.org/charts - name: traefik version: 10.6.1 From 7910f3be40b85bf78ae283ecc7540118c6482faa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Nov 2021 01:44:18 +0000 Subject: [PATCH 3/4] feat(charts): update helm release kong to v2.6.0 (#612) Signed-off-by: Renovate Bot Co-authored-by: Renovate Bot --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 4445c988b..d3b41f873 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -57,7 +57,7 @@ dependencies: version: 15.1.0 repository: https://codecentric.github.io/helm-charts - name: kong - version: 2.5.0 + version: 2.6.0 repository: https://charts.konghq.com - name: kube-prometheus-stack version: 19.2.3 From 298fba124d6358addbbee6c81055cf4e23230f09 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 9 Nov 2021 14:25:52 +0100 Subject: [PATCH 4/4] fix: add missing velero monitoring policy Signed-off-by: Kevin Lefevre --- modules/aws/README.md | 1 + modules/aws/velero.tf | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/modules/aws/README.md b/modules/aws/README.md index c46530791..f647b504d 100644 --- a/modules/aws/README.md +++ b/modules/aws/README.md 
@@ -284,6 +284,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
index 8431f57e3..a5be56c6f 100644
--- a/modules/aws/velero.tf
+++ b/modules/aws/velero.tf
@@ -266,3 +266,34 @@ resource "kubernetes_network_policy" "velero_allow_namespace" {
 policy_types = ["Ingress"]
 }
 }
+
+resource "kubernetes_network_policy" "velero_allow_monitoring" {
+ count = local.velero["enabled"] && local.velero["default_network_policy"] ? 1 : 0
+
+ metadata {
+ name = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-allow-monitoring"
+ namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
+ }
+
+ spec {
+ pod_selector {
+ }
+
+ ingress {
+ ports {
+ port = "8085"
+ protocol = "TCP"
+ }
+
+ from {
+ namespace_selector {
+ match_labels = {
+ "${local.labels_prefix}/component" = "monitoring"
+ }
+ }
+ }
+ }
+
+ policy_types = ["Ingress"]
+ }
+}
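Review bot: The empty `pod_selector { }` in `velero_allow_monitoring` applies this rule to every pod in the Velero namespace, so any other workload there that listens on TCP 8085 becomes reachable from all pods in every namespace labelled `${local.labels_prefix}/component = monitoring`. Scoping the selector to the Velero server pods would limit the opening to the metrics endpoint, for example `match_labels = { "app.kubernetes.io/name" = "velero" }` inside `pod_selector` (label assumed from the upstream chart; confirm against the pods actually deployed). The `from` block trusts a namespace label alone, so a comment such as `# metrics scrape only: source namespaces are trusted by label, so namespace labelling must stay restricted to cluster admins` would record that assumption. The hard-coded `"8085"` should also be tied to the chart's metrics port if this module lets that value be overridden.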