From d6830d75a9a1eab045cf69d3f555eb3320520e28 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 11:38:58 +0000
Subject: [PATCH 1/3] fix(charts): update helm release thanos to v12.0.4 (#1789)
Signed-off-by: Renovate Bot
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index ccfe975c9..87de806f2 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -117,7 +117,7 @@ dependencies:
 version: 0.33.1
 repository: https://strimzi.io/charts/
 - name: thanos
- version: 12.0.3
+ version: 12.0.4
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
 version: v3.25.0
From 9e77aef089ee1ee645d02d7d45c8ff4bad18a45b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 13:41:03 +0000
Subject: [PATCH 2/3] feat(charts): update helm release kube-prometheus-stack to v45 (#1790)
Signed-off-by: Renovate Bot
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 87de806f2..93c9f8f44 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -63,7 +63,7 @@ dependencies:
 version: 2.16.2
 repository: https://charts.konghq.com
 - name: kube-prometheus-stack
- version: 44.4.1
+ version: 45.0.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: kyverno
 version: 2.7.0
From c1b1503cd3a33304ccb20b2b9f679b666d84b928 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre
Date: Thu, 9 Feb 2023 14:42:39 +0100
Subject: [PATCH 3/3] fix: force conflicts for server side apply and tigera operator
Signed-off-by: Kevin Lefevre
---
 README.md | 6 ++++
 modules/aws/tigera-operator.tf | 2 ++
 modules/azure/README.md | 6 ++++
 tigera-operator.tf | 53 +++++++++++++++++++++++++++++++++-
 4 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8548fc739..296c311b3 100644
--- a/README.md
+++ b/README.md
@@ -155,12 +155,14 @@ No modules.
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -301,14 +303,18 @@ No modules.
 | [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
 | [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+| [http_http.calico_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
+| [http_http.tigera-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
+| [kubectl_file_documents.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
+| [kubectl_file_documents.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 ## Inputs
diff --git a/modules/aws/tigera-operator.tf b/modules/aws/tigera-operator.tf
index a63a4a9d6..f69756eb9 100644
--- a/modules/aws/tigera-operator.tf
+++ b/modules/aws/tigera-operator.tf
@@ -61,12 +61,14 @@ resource "kubectl_manifest" "tigera-operator_crds" {
 for_each = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? { for v in local.tigera-operator_crds_apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
 yaml_body = each.value
 server_side_apply = true
+ force_conflicts = true
 }
 resource "kubectl_manifest" "calico_crds" {
 for_each = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? { for v in local.calico_crds_apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
 yaml_body = each.value
 server_side_apply = true
+ force_conflicts = true
 }
 resource "kubernetes_namespace" "tigera-operator" {
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 424c2534d..50644414f 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
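Review bot: `force_conflicts = true` is added to both `kubectl_manifest` CRD resources in `modules/aws/tigera-operator.tf` with no comment saying which field manager they conflict with, and forcing lets Terraform take over fields owned by any other manager on every apply. Because CRDs are cluster-scoped, I would record the reason next to the argument, for example `# force: CRDs were first applied by <other manager>, Terraform must own them`, and consider exposing the flag as a setting beside `manage_crds` so it can be turned off once ownership has converged. The same two lines appear in the root `tigera-operator.tf` hunk of this patch.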
@@ -75,12 +75,14 @@ No modules.
 | [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.linkerd](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.prometheus-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [kubectl_manifest.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubernetes_config_map.loki-stack_grafana_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
 | [kubernetes_namespace.admiralty](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -207,14 +209,18 @@ No modules.
 | [flux_install.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/install) | data source |
 | [flux_sync.main](https://registry.terraform.io/providers/fluxcd/flux/latest/docs/data-sources/sync) | data source |
 | [github_repository.main](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
+| [http_http.calico_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.csi-external-snapshotter](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.kong_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [http_http.prometheus-operator_version](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
+| [http_http.tigera-operator_crds](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
 | [kubectl_file_documents.apply](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
+| [kubectl_file_documents.calico_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.csi-external-snapshotter](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.kong_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
+| [kubectl_file_documents.tigera-operator_crds](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
 | [kubectl_path_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/path_documents) | data source |
 ## Inputs
diff --git a/tigera-operator.tf b/tigera-operator.tf
index 08238ccde..95bc39480 100644
--- a/tigera-operator.tf
+++ b/tigera-operator.tf
@@ -6,18 +6,69 @@ locals {
 chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "tigera-operator")].name
 repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "tigera-operator")].repository
 chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "tigera-operator")].version
- namespace = "tigera" #https://github.com/projectcalico/calico/issues/4812
+ namespace = "tigera-operator"
 create_ns = true
+ manage_crds = true
 enabled = false
 default_network_policy = true
 },
 var.tigera-operator
 )
+ tigera-operator_crds = "https://raw.githubusercontent.com/projectcalico/calico/${local.tigera-operator.chart_version}/manifests/operator-crds.yaml"
+
+ calico_crds = "https://raw.githubusercontent.com/projectcalico/calico/${local.tigera-operator.chart_version}/manifests/crds.yaml"
+
+ tigera-operator_crds_apply = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? [for v in data.kubectl_file_documents.tigera-operator_crds.0.documents : {
+ data : yamldecode(v)
+ content : v
+ }
+ ] : null
+
+ calico_crds_apply = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? [for v in data.kubectl_file_documents.tigera-operator_crds.0.documents : {
+ data : yamldecode(v)
+ content : v
+ }
+ ] : null
+
 values_tigera-operator = <<-VALUES
 VALUES
 }
+data "http" "tigera-operator_crds" {
+ count = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? 1 : 0
+ url = local.tigera-operator_crds
+}
+
+data "http" "calico_crds" {
+ count = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? 1 : 0
+ url = local.calico_crds
+}
+
+data "kubectl_file_documents" "tigera-operator_crds" {
+ count = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? 1 : 0
+ content = data.http.tigera-operator_crds[0].response_body
+}
+
+data "kubectl_file_documents" "calico_crds" {
+ count = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? 1 : 0
+ content = data.http.calico_crds[0].response_body
+}
+
+resource "kubectl_manifest" "tigera-operator_crds" {
+ for_each = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? { for v in local.tigera-operator_crds_apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
+ yaml_body = each.value
+ server_side_apply = true
+ force_conflicts = true
+}
+
+resource "kubectl_manifest" "calico_crds" {
+ for_each = local.tigera-operator.enabled && local.tigera-operator.manage_crds ? { for v in local.calico_crds_apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content } : {}
+ yaml_body = each.value
+ server_side_apply = true
+ force_conflicts = true
+}
+
 resource "kubernetes_namespace" "tigera-operator" {
 count = local.tigera-operator["enabled"] && local.tigera-operator["create_ns"] ? 1 : 0
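Review bot: `calico_crds_apply` iterates `data.kubectl_file_documents.tigera-operator_crds.0.documents`, the same source as `tigera-operator_crds_apply`, so the manifest downloaded from `local.calico_crds` is never applied and `kubectl_manifest.calico_crds` applies the operator CRDs a second time. Two resources managing the same objects may be what produces the conflicts that `force_conflicts = true` then overrides, though that is an inference from the hunk. The loop should read `for v in data.kubectl_file_documents.calico_crds.0.documents : {`. Both `data "http"` sources also fetch cluster-scoped CRDs from a URL built from the chart version with no status or integrity check; a `postcondition` on `self.status_code == 200` would at least stop an error page from reaching `yamldecode`. The `locals` block opens above the hunk.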